CDF Security Issue?

General discussion about Mathematica features and functionality...
Forum Rules
By using the Wolfram Faculty Program Forum, you agree not to post any abusive, obscene, vulgar, slanderous, hateful, threatening, or sexually oriented material. Wolfram Faculty Program Forum administrators have the right to remove, edit, move or close any topic at any time should we see fit.

Personal Information: Posts in this forum may be viewed by non-members; however, the forum prohibits non-members from viewing your profile. Although your email address is hidden from both non-members and members, your account is initially configured to allow members to contact you via email through the forum. If you wish to hide your profile, or prohibit others from contacting you directly, you may change these settings by updating your profile through the User Control Panel.

Attachments: Attachments are not currently enabled on this forum. To share a file with others on this site, simply upload your file to the online storage service of your choice and include a link to the file within your post. If your school does not offer an online file storage and sharing service, the following sites provide free basic online file storage and sharing: Mozy, FilesAnywhere, Adrive, and KeepandShare.

CDF Security Issue?

Postby Gregory » Wed Oct 24, 2012 9:51 pm

I create CDF assignments for my students. They are pretty basic. A student selects their ID using a pull-down menu in a Manipulate, and the notebook is populated with randomized questions. The answers are buried in the document and are inaccessible until the deadline passes a week later, at which time I upload the same CDF but with a checkbox in the Manipulate that displays the answer under each question. So, at any given time, students have old CDF assignments for which the answers are accessible and new assignments in which they are not. I received a disturbing email today from a student who claims that he was able to see the answers for the new assignment by doing the following on his PC.

- Open new quiz (where answers are blocked) in Mathematica (not the CDF player), enable dynamics when prompted, select ID in the Manipulate pulldown menu
- Open old quiz (where answers are not blocked), enable dynamics, select ID
- Minimize both documents and Mathematica
- Reopen old quiz and then close it
- Reopen new quiz, and sadly, the answers are revealed

He sent me a screenshot showing the answers, but I was not able to reproduce this on my Mac. I'm trying to convince him to demonstrate this to me on my laptop. The only thing I can think of is that because the assignments use variables with the same name, Mathematica is loading answer variables from the old as globals and these are "unlocking" the same variables in the new. Any thoughts?

Gregory
User avatar
Gregory
 
Posts: 32
Joined: Wed Jul 27, 2011 3:13 pm
Location: Montreal
Organization: Concordia University
Department: Finance

Re: CDF Security Issue?

Postby Kathy_Bautista » Fri Oct 26, 2012 3:51 pm

Hi Gregory,

I spoke to our Technical Support group about this issue. If you can send me an email with the following, they can take a look and see if they can offer suggestions on how to modify your code and/or the configuration of the document to avoid this issue in the future.

1. A copy of the CDF document with the answers hidden.

2. A copy of the document with the answers revealed.

3. The platform and version number of Mathematica that the student is using.

My direct email is bautista@wolfram.com.

Thanks!

-Kathy
Katherine Bautista
Senior Academic Program Manager
Wolfram Research, Inc.
http://www.wolfram.com
User avatar
Kathy_Bautista
Site Admin
 
Posts: 182
Joined: Fri Jul 31, 2009 6:24 pm
Location: Mesa, Arizona
Organization: Wolfram Research, Inc.
Department: Academic Initiatives

Re: CDF Security Issue?

Postby Gregory » Tue Nov 06, 2012 12:47 am

Hello Kathy,

Sorry for the delay in responding but I apparently didn't have automatic email notifications enabled in my forum settings.

The security issue is a nightmare. I have since come up with a crude fix for the problem I described in my October 24th post. I set the notebook's default context to "Unique to this Notebook" to keep global variables in individual CDF files from conflicting if more than one document is open at the same time. I also overwrote any answer lists with bogus answers to thwart nosey students who open the CDF in a text editor. The correct answers will be reinstalled after every deadline is passed and the document is re-uploaded for the students.

But another security glitch came up today. I uploaded the fixed CDF, which contains a checkbox in the Manipulate for showing the answers (which are fortunately bogus at the moment). The checkbox is disabled, that is, Enabled->False. I confirmed this on my Mac in both Mathematica and the CDF Player. Well, a student emailed with a screenshot showing all of the bogus answers displayed when they opened the CDF in Mathematica in one of our PC labs at Concordia University. I've sent the file as an attachment to your Wolfram address.

Gregory
User avatar
Gregory
 
Posts: 32
Joined: Wed Jul 27, 2011 3:13 pm
Location: Montreal
Organization: Concordia University
Department: Finance

Re: CDF Security Issue?

Postby Gregory » Tue Nov 06, 2012 10:42 pm

Hi Kathy,

Small update: I enlisted a couple of trusted student hackers to mess around with the CDF. They have confirmed the weakness, and that will probably tell me all that I need to know to plug the hole.

Gregory
User avatar
Gregory
 
Posts: 32
Joined: Wed Jul 27, 2011 3:13 pm
Location: Montreal
Organization: Concordia University
Department: Finance


Return to General Mathematica Discussion

Who is online

Users browsing this forum: No registered users and 0 guests

cron