8 Replies Latest reply on Feb 29, 2016 11:37 AM by tays01s

    Kiosk security flaw

    tays01s

      Kiosk seemed pretty secure in not allowing users to use their OS applications to copy data/PDFs outside the Runtime. However, I noticed that because my licensing mechanism sends an email, if you try to copy stuff when the email application is ready to send the email, you can get at the RT info/PDFs.

       

      Is there a way to prevent this? Would it suffice to have 'no dialogue'? That way there's minimal time spent in the email application.

        • 1. Re: Kiosk security flaw
          Markus Schneider

          Are you sending the mail via SMTP or via your default browser? SMTP should work, but I can't test here.

          • 2. Re: Kiosk security flaw
            tays01s

            I changed it to an SMTP but still have the problem even after removing the dialogue (script below). Even without the latter, the focus goes out of Kiosk. Interestingly, if I fill the screen with a PDF container in the RT, it stops you exporting the PDF, but zooming out permits export. Very oddly, a different layout/container does not permit export even when part of the Desktop is showing, even though both examples have view only for layout and field.

             

            Commit Records/Requests
            Set Variable [ $Path; Value:Get ( TemporaryPath ) & "License_request" ]
            Export Field Contents [ Home::Encrypt_R; “$Path” ]
            Send Mail [ Send via E-mail Client; To: "Emailaddress"; Subject: "License_request"; Attachment: “$Path” ] [ No dialog ]
            Show Custom Dialog [ Title: "License"; Message: "1. Pay £10 via Paypal to: Emailaddress.¶¶; Default Button: “OK”, Commit: “Yes” ]

             

            • 3. Re: Kiosk security flaw
              Markus Schneider

              Your script shows 'send via email-client', not SMTP.

              • 4. Re: Kiosk security flaw
                tays01s

                Apologies, I'm showing my ignorance; I was thinking of my own email address.

                 

                However, while I can get User name/ email from fields I have, how do I automatically enter user info for:

                Outgoing SMTP Server, Server Port, Use Secure Sockets Layer (SSL), Authentication, User Name, Password?

                • 5. Re: Kiosk security flaw
                  Mike_Mitchell

                  What stops the user from taking a series of screen shots?

                   

                  I think you're trying to keep people who have access to the data from having access to the data. Fundamentally flawed concept. Either they can be trusted with the information, or they can't. Once you give them access, you really can't stop them (technologically) from taking it elsewhere.

                  • 6. Re: Kiosk security flaw
                    tays01s

                    I don't mind the odd screen shot, but I don't want them to export the whole 'e-book' PDF to all their friends who haven't bought a license.

                    • 7. Re: Kiosk security flaw
                      Mike_Mitchell

                      Then you need to control that inside the ebook with a password or code that you give it when they register.

                       

                      Otherwise, anyone with a copy can pass it out all they like, regardless of what you do with the database.

                      • 8. Re: Kiosk security flaw
                        tays01s

                        I am also looking into AppleScript to automatically enter a pw into the PDF. However, exported PDFs can have their security stripped. I'm not sure if it's a 'brute force' attack offered by software or something else. However, trying to prevent export of the PDF seemed like a useful extra layer.