Digital Workshop

Hi

In a pub I'm working on, the viewer can set (and reset) their own password, which is stored in a text file. If they then input the correct password into a text input box, and it matches the stored password, they can enter (and reset their password, if they wish). Text file storage in Opus allows an encryption key to be set. So, if the file is found, the contents are encrypted.

However, nothing stops another viewer on the same computer from locating and deleting the password storage file itself. Then they can set a new password and enter.

If I create a regular publication or chapter password, rather than allow the viewer to create one, this would solve the problem. However, it would mean that all installations of the pub on any computer would have the same password. Not very secure. Plus initially e-mailing the password to every viewer is not the most secure option.

So, I would like to stay, if possible, with allowing each viewer to create their own password. The challenge is to providing adequate security for sensitive information. Is there a way to hide the password storage file or set up an action to save it in an inaccesible location where it can't be deleted (also has to be set up or scripted into the pub to store to a location that all computers have like C://, etc.)

I would appreciate any ideas.

Kind Regards,
Stephen

Hi Stephen,

It's possible to save your name and password in the windows registry. This can be unique for each user and difficult to delete, because you have to know how to find and delete it in the registry.

I hope this will help.

Kind regards,

Thanks, Oscar for your thoughtful reply.

I had initially used the registry, even choosing a name not easy to recognize, instead of the Opus Publication Data one. However, even a registry key, as we who work with them know, can easily be deleted. So, I chose a more "hidden" text file for storage.

I would still prefer a more secure solution. In checking on the Web, it appears there are ways (using a kernel mode?) to better hide a file. Also, I notice solutions involving embedding info in a jpeg or other image file. I'm not sure how to make use of these.

The ideal solution would be to have the Opus executible file carry the text file as a resource file that can't be deleted, but can be written to and read. I was able to add a text file as a resource. However, when the executible file is run, it simply adds the text file to the program folder for the publication in the user's computer, which is not well hidden.

The data being protected is "health sensitive" data. For example, if a viewer enters their medical conditions and doesn't want another user of the same computer to be able to view these. I want to try to achieve the best security possible. (At this point, absent a strong security, I've added a warning message saying that the data stored is not fully secure.)

Any help is appreciated.

Kind Regards,
Stephen

Hi Stephen,

Not if you have a username AND a password in the same encrypted Opus text file.

Store all the personal details in that same file as well. That way, if another person accesses the computer, they cannot simply delete someone elses password, as they will need to basically logon as a new user. The worst they can do is to delete the files but not generally access them to view the information.

If someone logs on on as another person, they will need to know the person's encrypted password.

Hi Steve

I'm not sure I understand about storing both username and password in the same text file. I haven't set up a user name for the executible publication, just the option of a viewer inputed password to help secure sensitive data. So, I'm not sure where the user name applies.

Do you mean the general user names (and passwords) computer users set in Windows XP, other systems, allowing them access to certain files/programs and restricting access to those without that user name and password?

Could you walk me through what you mean? I can't seem to get my brain around it.

The idea, however, of storing the health senstive info (encrypted) in the same text file could help advance the security, since the person snooping, would (a) be unable to read it due to encryption and (b) by deleting the file to void the password setting, would also be deleting the health info (unless they copied it into another notepad file first and after setting a new password added it back into the new text file genereated by password re-setting).

Please advise further about the user name and password option.

Thanks again for your creative ideas.

Kind Regards,
Stephen

Hi All

Thanks to the leads provided, I was able to solve the issue.

Steve H's lead above about access to files limited to each user in XP was a critical part of the solution. If the text file is stored in an area that only the current user (person storing their data) can access, only they can delete this file (unless, possibly, if they provide administrator rights to others or forget to log out, share their password).

So, the solution provides encrypted file storage, accessible only to the current user.

Thanks again!

Kind Regards,
Stephen

Hi Stephen,

That was not really what I meant, as I was refering to the method of setting up a username and password by storing a variable as the filename. i.e. when you "write to disk" the current username variable is what the name of the file is. Within that file, you have other information written, which you would encrypt via Opus. When the file is "read from disk" the filename is stored into a variable which it must match, plus the password.

However it is good to see you have found another practical solution which is of benefit and suitable for you. It only goes to show there are a various solutions to the task at hand. Thanks for sharing this information with us.