Security schemes for Players

Alejandro Tejada capellan2000 at yahoo.com
Sat Oct 2 06:58:54 EDT 2004 

on Sat Oct 2 2004
Chipp Walters wrote:
 
>Hi Alejandro.

Hi Chipp, :-)

> I have a player which downloads stacks from a web 
> page. Here's how I do it:
> I password protect my stacks
> I create a custom control (btn,fld,img,etc..) 
> and set the script to a secret word only I know.

Could this be used when several teachers are able 
to edit the stacks?

> When I try and launch one of my stacks I do the 
> following:

> 1. lock messages (preOpenCard handler won't run)
> 2. check for the existence of the control
> 3. get the script of the control and compare it to 
> the string I know
> 4. if all is OK, then I open the stack and unlock 
> messages.

That's the mechanism that i was looking for!!!
Locking messages and checking for diverse 
data in the stack.

Just one question.

To read the script you have to unlock the stack 
script everytime you open the stack.

When do you set the password again, so scripts
are encoded again? Or is this not necessary?

> Don't put the password in a custom prop as it isn't 
> encoded when the stack is password protected. 

Good advice. Thanks!

> You could also do something fancy with a 
> checksum function if you wanted.

Like MD5digest, right?
How fast is MD5digest in diverse machines?

Getting the md5digest of a 545 mb iso cd
takes almost 30 seconds in a fast machine
using a small DOS program.

> hope this helps,

this is an excellent starting point to
begin making my own experiments here!!! :-))

Thanks a lot Chipp!

al

Alejandro Tejada wrote:


> Did anyone devised a safe and sound
> method to ensure that only your authorized
> stacks were able to open and play in your 
> custom players?
> 
> I've thought about reading some custom
> properties (wrote while developing the stacks)
> before opening the stacks, but i'm not sure
> if this will prevent that not authorized
> stacks will run offensive code within a 
> preopenstack handler.
> 
> Could you share experiences on this topic? 


=====
Visit my site:
http://www.geocities.com/capellan2000/


		
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail

More information about the metacard mailing list