Re: CDF Security

*To*: mathgroup at smc.vnet.net*Subject*: [mg128503] Re: CDF Security*From*: John Fultz <jfultz at wolfram.com>*Date*: Thu, 25 Oct 2012 23:32:46 -0400 (EDT)*Delivered-to*: l-mathgroup@mail-archive0.wolfram.com*Delivered-to*: l-mathgroup@wolfram.com*Delivered-to*: mathgroup-newout@smc.vnet.net*Delivered-to*: mathgroup-newsend@smc.vnet.net*References*: <20121025054133.AA444687F@smc.vnet.net>

In general, it's difficult to lock down CDF to totally prevent this sort of thing. CDF is, after all, an open, plain text format which any sufficiently knowledgeable user could crack open with only modest effort. So no solution you're going to come up with is foolproof. That being said, I strongly suspect that your current method is using global variables and is thus much less foolproof than it could be. Probably the quickest and easiest way to deal with this particular issue is to, when creating your notebooks, make sure to choose the menu: Evaluation->Notebook's Default Context->Unique to this Notebook This will, at least, make sure that notebooks aren't colliding with each other and using the same variables. Sincerely, John Fultz jfultz at wolfram.com User Interface Group Wolfram Research, Inc. On Oct 25, 2012, at 12:41 AM, Gregory Lypny <gregory.lypny at videotron.ca> wrote: > Hello everyone, > > I create CDF assignments for my students. They are pretty basic. A student selects their ID using a pull-down menu in a Manipulate, and the notebook is populated with randomized questions. The answers are buried in the document and are inaccessible until the deadline passes a week later, at which time I upload the same CDF but with a checkbox in the Manipulate that displays the answer under each question. So, at any given time, students have old CDF assignments for which the answers are accessible and new assignments in which they are not. I received a disturbing email today from a student who claims that he was able to see the answers for the new assignment by doing the following on his PC. > > - Open new quiz (where answers are blocked) in Mathematica (not the CDF player), enable dynamics when prompted, select ID in the Manipulate pulldown menu > - Open old quiz (where answers are not blocked), enable dynamics, select ID > - Minimize both documents and Mathematica > - Reopen old quiz and then close it > - Reopen new quiz, and sadly, the answers are revealed > > He sent me a screenshot showing the answers, but I was not able to reproduce this on my Mac. I'm trying to convince him to demonstrate this to me on my laptop. The only thing I can think of is that because the assignments use variables with the same name, Mathematica is loading answer variables from the old as globals and these are "unlocking" the same variables in the new. Any thoughts? > > Gregory >

**References**:**CDF Security***From:*Gregory Lypny <gregory.lypny@videotron.ca>