Autodesk viewer model security - security

Simply wonder about the security of the model once it is loaded in the viewer. Is it possible to scrape/datamine/download or otherwise take this model out of the browser and into my local file system?

The web is an open platform, so once the model is loaded in the viewer, there's no way of preventing the user from scraping its data.
On the other hand, it's also worth saying that the data that's being loaded into the viewer is not your original design file, but rather a special file format optimized for viewing on the web (think a PDF version of a Word document). As an example, if somebody were to mine the data of your Inventor assembly loaded in the viewer, they will be able to access the three.js meshes and some of the metadata attached to them, not the original components, solid bodies, etc.

Related

Save Dynamic Tilemap Layer Locally

I’m trying to make a game that has a map editor, and I would like to save layers locally to the file system. Can somebody help me to add this feature? And I also don’t have anything because I don’t know where to start, so I don’t have any code to show.
In JavaScript/HTML5 you cannot save to a file without a user action. You can present the user with a save-file dialog and then save whatever data you have to a file, see this question.
Alternatively, you can just save your layers objects to the local storage, which is storage within the browser cache. The only downside is that if you open the same page in a different browser (for example switch from FireFox to Chrome) then the save is not available. For more information, see this question.

Pass google earth a secure KML file

Is it possible to pass a secure KML file to Google Earth?
This KML file will require either a token or authentication of some sort.
(I'll adapt the solution based on the possible methods of securing the KML file that are acceptable.)
We need to display some secure information on a google map, and yes we are an enterprise customer. (If that helps.)
That alternative is to plot the points using the google API, but that require's slightly more effort.
If your intention is just to protect the Kml from unauthorized access, you can use the following approach. I tried this approach in one of the scenarios and it worked for me.
http://keelypavan.blogspot.com/2011/07/protect-kml-kmz-files-from-unauthorized.html
Just some information..
If you pay Google you can have your website run via HTTPS.
If you want something that's a bit more powerful to play with, you might want to try something like GeoServer with an OpenLayers frontend. It can serve your data dynamically from a postgres database as kml (or kmz, gif, jpeg, png, svg, and even pdf) out of the box. You don't have to code a single line to get that done, and it's free.
And indeed, you could draw stuff yourself by using the Google Maps API, but if your page is HTTPS, your users will get a warning about Google's javascript files.
Furthermore, if your browser sucks (at rendering maps), Google does the actual rendering for you server-side, and for that, the actual data will be sent to Google, and a rendered overlay image will be sent back. Maybe you can disable that behaviour, but at least you should be aware of that if you're concerned about security.
As KML files are loaded by Google servers, you can restrict access to KML file only for Google servers.

word document viewer browser plugin

Is there a browser plugin or an extension that allows the user to view .doc files in browser?
I need to embed in my application, a document viewer. So far, I tried using services like google docs, but this solution doesn't work for our application, because of some security problems.
Do you know about the Office Web Apps? Microsoft developed something similar to Google Docs and you can use the Word Web Application to view Word files. It will pretty much display anything - a lot of editing functions from the offline version are not available though.
If you are just looking for a viewer search for "Word ActiveX Viewer" and you will find plenty (commercial) viewers.
To have IE open the .doc within the browser and not in a separate winword.exe, you need to define the association at client end.
As .doc file is an external resource to HTML, it would download the file into its temp, and then attempt to launch it. It would launch it using the default program that it is associated with.
To control this behavior, please have a look at:
http://www.shaunakelly.com/word/sharing/opendocinie.html
I thought Internet Explorer + Microsoft Office used to do this by default?
I can for sure tell you that other than converting the doc to html you won't get a cross-browser, cross-platform solution.
Since you are saying it's for viewing only, that would seem like the way to go.

Unable to link directly to WMV video file

I have a wmv video hosted in SharePoint. I've created a Content Editor web part with a bit of custom content and I've placed a simple link to the video Click to view.
There is really nothing special going on here. Some users can click on the link and the video opens in their default video player. Other users see a range of different errors/prompts. Some users are prompted for their network credentials and others receive a generic "Internet Explorer cannot display the webpage.
The same problems occur if I create a generic HTML web page (outside of SharePoint) and have users try to launch the video.
I am trying to avoid embedding the video in the HTML and just have users link directly to the video itself.
Has anyone encountered this issue and do you have any suggestions for making this work?
This appears to be a combination of browser issues and file security.
People are being asked for their network credentials because the file itself is not "public"; it requires authentication to be read, or appears to do so from your description. Different browsers will display different messages when attempting to authenticate for the file.
Additionally, the default player for a browser may not be set or the browser may not allow passoff to third party programs, both of which will generate different messages for different browsers. This will always be an issue for hot-linked videos, and there's nothing you can do about it except use some guaranteed playback platform that all consuming browsers must have installed, such as Flash or Silverlight. That comes with issues all on its own, but such is the nature of the online world.

Adding an 'paste screenshot' option to Mantis bugtracker

We're using the Mantis bugtracker (version 1.1.8), which is based on PHP. To ease the workflow of adding bugs we'd like to add an option to paste screenshots from the clipboard directly into the 'new bug form'.
Screenshots make bugreports much more valuable for developers, so I'd like to make adding them as easy as possible. Preferably without using an external application, but right in the browser.
I've looked all over for a way to add this, but no luck. How do other people do this? Am I missing something obvious?
edit: The bugtracker is a private one, in a small company, so I'd be willing to accept the security risks that for example Java applets present.
There isn't really a way to do this short of using ActiveX, applet or Flash-type technology on the client. Even then, there are numerous security roadblocks. A browser has no easy way to convert stuff from the clipboard into a suitable format for upload to a website, and even if it did there would be security concerns. For example, malicious code in a page could copy sensitive information from your clipboard and send it to the page's site without you even knowing it was happening.
Update: There is a standalone screen capture utility which claims to work with Mantis (and a whole bunch of other bug-trackers). This is probably your best option.
There is a drag n drop image attacher Java applet for Atlassian Confluence which has the functionality you need. It only supports Confluence but as the sourcecode is freely available under BSD you should be able to customize it to your needs.
Forgot the link:
http://confluence.atlassian.com/display/CONFEXT/Drag+and+Drop+Image+Attacher+Plugin
I've managed to build my own solution that works quite well. It places a Java file upload applet on the pages where you'd want to attach a screenshot. The applet has two buttons:
'paste screenshot', which pastes an image from the clipboard into the applet
'upload screenshot', which uploads the pasted image to the /tmp dir on the Mantis server and uses a javascript callback to place the autogenerated filename of the uploaded image into a form field.
Once the form is submitted, a new function in Mantis uses the filename in the form field to move the image from /tmp to the final location and processes the image just like other attachments. If the form is never submitted the uploaded file remains in /tmp and will eventually be purged by the server.
It works well, but has one drawback that I cannot avoid: I'm using Java to get access to the client's clipboard, but that requires breaking the JVM sandbox. Apparently, this can be done if you digitally sign the applet, which requires a rather expensive yearly payment (something like $500) to a company like Verisign (currently free options like cacert.org are still limited in their usefulness).
Another way to allow Java applets access to the clipboard is to create a file called .java.policy in your home or profile directory. This file should contain the following (Replace the domain with the domain that hosts your Java applet):
grant codeBase "http://bugs.example.com/-" {
permission java.awt.AWTPermission "accessClipboard";
};
Thankfully the solution is cross-browser compatible since the JVM always checks the same file regardless of the browser used. Since my solution requires having this .java.policy file on each client computer I don't consider it ideal, but workable in a controlled company environment.
I looked in to this also. No real easy way, so instead I allowed them to upload an unlimited number of files and those files would then be "attached" to that bug. It actually turned out to be better because they can upload screenshot, spreadsheets, word docs, etc.
Like yours, this is an internal only site so security is light. I did this in ASP.Net, but the general idea is that when they are looking at a page for a bug they have an upload box. When they upload something I pre-append it with the bug id. So ScreenShot.jpg becomes 233_ScreenShot.jpg.
Also on that page is a grid (GridView) that is bound to all of the filenames in my upload directory that start with that bug id.
To see what this looks like click here.
For tech-oriented users, there's always to possibility of using Eclipse + Mylyn + Mylyn-Mantis connector.
Then uploading screeshots is very easy:
Screenshot upload http://img216.imageshack.us/img216/246/screenshotattachments1.png

Resources