Security schemes for Players

Chipp Walters chipp at chipp.com
Sat Oct 2 15:00:32 EDT 2004 


Alejandro Tejada wrote:

>>I have a player which downloads stacks from a web 
>>page. Here's how I do it:
>>I password protect my stacks
>>I create a custom control (btn,fld,img,etc..) 
>>and set the script to a secret word only I know.

> Could this be used when several teachers are able 
> to edit the stacks?

Interesting requirement. I suppose I would create a standalone which 
would 'bless' stacks. Here's how it would work. When a teacher finishes 
editing a stack, they drag/drop it on the 'Blesser.exe' standalone and 
it would:

1) ask for a username/pass combo so we know it's a 'good' teacher
2) lock messages and looks for the custom object
3) if the custom object is there, then it would calculate a checksum for 
the new stack and put the value of it somewhere in the script. You would 
then use this checksum later on when trying to open the stack using your 
player stack. This way a teacher couldn't make modifications to your 
stack w/out having to 'reBless' it-- because any modification would 
change the checkSum and then the player wouldn't recognize it as a good 
stack.
4) save the stack and quit 'Blesser.exe'

function getChecksum pFilePath
   return URLencode(md5digest(URL ("binfile:" & pFilePath)))
end getChecksum


> Just one question.
> 
> To read the script you have to unlock the stack 
> script everytime you open the stack.
> 
> When do you set the password again, so scripts
> are encoded again? Or is this not necessary?

In runtime mode, I wouldn't worry too much about this. In development 
mode it's not a big problem either as the Blesser app described above 
wouldn't let anyone change the stack and run it w/out being blessed.

>>You could also do something fancy with a 
>>checksum function if you wanted.
> 
> 
> Like MD5digest, right?
> How fast is MD5digest in diverse machines?

See above. It's real fast for regular size stacks.
If a file is too large, consider breaking it up, or using external 
reference paths to content (like movies, images, sounds).
> 
> Getting the md5digest of a 545 mb iso cd
> takes almost 30 seconds in a fast machine
> using a small DOS program.

More information about the metacard mailing list