WOLFRAM

Services & Resources / Wolfram Forums / MathGroup Archive

MathGroup Archive 2012

[Date Index] [Thread Index] [Author Index]

Search the Archive

Re: CDF Security

  • To: mathgroup at smc.vnet.net
  • Subject: [mg128503] Re: CDF Security
  • From: John Fultz <jfultz at wolfram.com>
  • Date: Thu, 25 Oct 2012 23:32:46 -0400 (EDT)
  • Delivered-to: l-mathgroup@mail-archive0.wolfram.com
  • Delivered-to: l-mathgroup@wolfram.com
  • Delivered-to: mathgroup-newout@smc.vnet.net
  • Delivered-to: mathgroup-newsend@smc.vnet.net
  • References: <20121025054133.AA444687F@smc.vnet.net>
In general, it's difficult to lock down CDF to totally prevent this sort 
of thing.  CDF is, after all, an open, plain text format which any 
sufficiently knowledgeable user could crack open with only modest 
effort.  So no solution you're going to come up with is foolproof.

That being said, I strongly suspect that your current method is using 
global variables and is thus much less foolproof than it could be.  
Probably the quickest and easiest way to deal with this particular issue 
is to, when creating your notebooks, make sure to choose the menu:

Evaluation->Notebook's Default Context->Unique to this Notebook

This will, at least, make sure that notebooks aren't colliding with each 
other and using the same variables.

Sincerely,

John Fultz
jfultz at wolfram.com
User Interface Group
Wolfram Research, Inc.



On Oct 25, 2012, at 12:41 AM, Gregory Lypny <gregory.lypny at videotron.ca> 
wrote:

> Hello everyone,
>
> I create CDF assignments for my students. They are pretty basic. A 
student selects their ID using a pull-down menu in a Manipulate, and the 
notebook is populated with randomized questions. The answers are buried 
in the document and are inaccessible until the deadline passes a week 
later, at which time I upload the same CDF but with a checkbox in the 
Manipulate that displays the answer under each question. So, at any 
given time, students have old CDF assignments for which the answers are 
accessible and new assignments in which they are not. I received a 
disturbing email today from a student who claims that he was able to see 
the answers for the new assignment by doing the following on his PC.
>
> - Open new quiz (where answers are blocked) in Mathematica (not the 
CDF player), enable dynamics when prompted, select ID in the Manipulate 
pulldown menu
> - Open old quiz (where answers are not blocked), enable dynamics, 
select ID
> - Minimize both documents and Mathematica
> - Reopen old quiz and then close it
> - Reopen new quiz, and sadly, the answers are revealed
>
> He sent me a screenshot showing the answers, but I was not able to 
reproduce this on my Mac. I'm trying to convince him to demonstrate this 
to me on my laptop. The only thing I can think of is that because the 
assignments use variables with the same name, Mathematica is loading 
answer variables from the old as globals and these are "unlocking" the 
same variables in the new. Any thoughts?
>
> Gregory
>
  • References:
    • CDF Security
      • From: Gregory Lypny <gregory.lypny@videotron.ca>
  • Prev by Date: Re: Creating a recursive function which returns a sequence
  • Next by Date: Re: How accurate is the solution for high degree algebraic equation?
  • Previous by thread: CDF Security
  • Next by thread: Re: CDF Security