Poor man's encrypted data
Dave Cragg
dcragg at lacscentre.co.uk
Sat Apr 5 12:25:01 EST 2003
At 8:21 am -0800 5/4/03, Richard Gaskin wrote:
>For sending data across the net in a semi-secure format, can you think of
>any downsides to simply storing the data in custom props in a
>password-protected stack?
One possible downside is that, although the contents of the custom
props will be encrypted, if someone is able to get the entire stack
data, then with a copy of Rev/Metacard (the starter kit will do) you
can still "get" the custom props. (Password-protecting only denies
access to the scripts.)
In the past, I've tried storing "private data" in the script of an
object to keep it secure. But this can run into problems with the
scriptLimits if you want to distribute a tool that secures data for
others to use.
Another method I used recently is to use a getprop handler to control
access to those properties using a secret code.
For example, you would set the properties you want to secure in a
custom property set.
E.g.
set the cSecuredata["PIN"] of stack "secureStack" to "1234"
set the cSecuredata["safeCombination"] of stack "secureStack" to "66l74r89l"
Then in the "secureStack" stack script, you would have a getprop
handler like this:
getprop cSecuredata[tKey]
if item 1 of tKey is "mysecret" then
return the cSecuredata[item 2 of tKey] of me
else
return empty
end if
end cSecuredata
Then to get the "PIN" property, you would have to do this:
get the cSecuredata["mysecret,PIN"] of stack "securestack"
Of course, only you would know that "mysecret" or whatever you choose
is the secret code.
This should prevent access to those custom properties unless you
actually know the secret code.
Cheers
Dave
More information about the metacard
mailing list