How to Https locally?

S

Stanley Omega

Hello,

I use the web browser control to display some html reports in a winforms
application. The problem is this kills security because anyone can read the
reports just by accessing the file system.
The reports are generated dynamically at runtime in memory and then saved to
the file system and then the local url is passed to the web browser control
for rendering.

I want to implement the same scenario as Https whereby the user can generate
the report view it, print it etc, but once they leave the page the contents
of the page are rendered useless.
I cannot use Window explorer to pull out cached files of my most recent
visit to my bank. These appear to be terminated once i leave the site. This
is the behavior i want for reports generated by my application.

Any ideas on how to do this please?

Thanks

Stano
 
S

Steve Alpert

Stanley said:
Hello,

I use the web browser control to display some html reports in a winforms
application. The problem is this kills security because anyone can read the
reports just by accessing the file system.
The reports are generated dynamically at runtime in memory and then saved to
the file system and then the local url is passed to the web browser control
for rendering.

I want to implement the same scenario as Https whereby the user can generate
the report view it, print it etc, but once they leave the page the contents
of the page are rendered useless.
I cannot use Window explorer to pull out cached files of my most recent
visit to my bank. These appear to be terminated once i leave the site. This
is the behavior i want for reports generated by my application.
Click to expand...
I don't think this has anything to do with https. What kind of caching
discipline are you setting (if any) in the html header. Turn off caching.

/steveA
 
S

Stanley Omega

I don't think this has anything to do with https. What kind of caching
discipline are you setting (if any) in the html header. Turn off caching.

/steveA
Click to expand...

Hi Steve,

None. I dont think it has anything to do with https either because my
understanding is that this is encryption across the wire and in my case
there is no wire.
I hope it demonstrates the capability i want however. If someone snoops
through a file system they cannot (easily) access my bank details just
because i surfed there with my browser.

Whereas currently with my app they can easily just pull up the temp files i
use to build the html report page. I can of course delete these post viewing
but i'd rather they
were never openly exposed to the filesystem to begin with. Note im using
xhtml to provide a much richer layout in my reports than i can achieve with
say Crystal.
So (too anyone) else whose may be about to suggest i use Crystal, thanks but
no thanks. The trap being using my own encryption will break the ability of
the webbrowser
control to act as the report viewer.

Perhaps i need to be thinking a little more about ntfs? But even then an
admin of a given computer does not and should not neccessarily have access
to certain business data.
Hence my need to provide protection over and above the filesystem whilst
delivering rich report layout features and ensuring my costs are kept to a
minimum.

Im sure there is a really simple, albeit elusive answer to all of this.

Thanks

stano
 
M

Marcus

Whereas currently with my app they can easily just pull up the temp files
i use to build the html report page. I can of course delete these post
viewing but i'd rather they
were never openly exposed to the filesystem to begin with.
Click to expand...

There's probably a way that you can manipulate the document of the browser
by directly inserting your html code into the document element of it (think
innerHTML in dhtml). I did this in Framework 1.1, although the web browser
control wasn't available yet, so it wasn't as convenient. I later gave it
up, because it caused problem with running scripts on the page for security
reasons, but you didn't mention needing to do that anyway.

Let me know if you figure it out, because I'm not sure which members to use
myself...

Good luck,
Marcus
 
A

Andy

If you're writing to the file system, there's nothing you can do to
stop the user from getting the file. Even your bank details are stored
on the file system could be read before they are deleted. A user could
even undelete them possibly.

The only method would be to take the html and directly feed it to the
browser control. (Technically even that that's not totally secure; a
user may be able to read the memory from the control, or it may be
written out the page file, which could be read as well). Of course
whether or not this is a problem depends on how paraniod you are about
a user getting the data.

FWIW, can't they just save the html source to get the data anyway?

Andy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Hybrid GUI 1
HTTPS Question - Protect Single File 1
Linux Mint 18.3 “Sylvia” MATE – BETA Release 0
HTTPS (SSL) 1
Redirect From https to http 2
Need help loading browser and dynamicaly generating webpage to load 3
Auto redirect http to https 1
IE hosted user control dies when accessed over ssl 2

Top