Creating secured word "Viewers"

Has anyone built or came accross a way to share documents by creating a "viewer" type application.

Issue: We sell a tool that produces high value documents. We have automated a complex sales process: ROI to the point that a large sales force can get by with only one user liscense. I am attempting to account for all of the true users of the documents.

One solution would be to create a vba application that the user must sign into before opening the document. The sign in data gets validated against a web database server. The users must buy the viewer. We already have the technology in place to link the activated application to the cpu to prevent multiple users from sharing one sign on.

Any thoughts, examples, etc..??
--
anthony sarno

Word
Sun Aug 01 00:01:43 CDT 2004

G'day "anthony5279" <anthony5279@discussions.microsoft.com>,

<chuckles>

If you want a long, almost pointless discussion of the principles
involved in copyrijghting software I'll oblige, but I assure you will
will end up with the same ole problems:

Lockdown vs Usability
Anything a computer can read a computer can write
Etc

Steve Hudson - Word Heretic
Want a hyperlinked index? S/W R&D? See WordHeretic.com

steve from wordheretic.com (Email replies require payment)


anthony5279 reckoned:

>Has anyone built or came accross a way to share documents by creating a "viewer" type application.
>
>Issue: We sell a tool that produces high value documents. We have automated a complex sales process: ROI to the point that a large sales force can get by with only one user liscense. I am attempting to account for all of the true users of the documents.
>
>One solution would be to create a vba application that the user must sign into before opening the document. The sign in data gets validated against a web database server. The users must buy the viewer. We already have the technology in place to link the activated application to the cpu to prevent multiple users from sharing one sign on.
>
>Any thoughts, examples, etc..??

Jonathan
Sun Aug 01 17:00:13 CDT 2004

Forget about using Word as a secure editing or viewing environment. It isn't
designed for it. Every so often, somebody comes along here with a wizard
wheeze for securing documents, and on those occasions that they actually
provide a sanple document, then it has never taken me longer than a couple
of minutes to break the security.

Once the document leaves your own secure environment, you cannot control it.

You really need to use different technology for this instead of Word.

--
Regards
Jonathan West - Word MVP
www.intelligentdocuments.co.uk
Please reply to the newsgroup

"anthony5279" <anthony5279@discussions.microsoft.com> wrote in message
news:D17E630F-7626-45BB-8B49-67CFAEB0FCF6@microsoft.com...
> Has anyone built or came accross a way to share documents by creating a
"viewer" type application.
>
> Issue: We sell a tool that produces high value documents. We have
automated a complex sales process: ROI to the point that a large sales force
can get by with only one user liscense. I am attempting to account for all
of the true users of the documents.
>
> One solution would be to create a vba application that the user must sign
into before opening the document. The sign in data gets validated against a
web database server. The users must buy the viewer. We already have the
technology in place to link the activated application to the cpu to prevent
multiple users from sharing one sign on.
>
> Any thoughts, examples, etc..??
> --
> anthony sarno

Word
Sun Aug 01 20:53:03 CDT 2004

G'day "Jonathan West" <jwest@mvps.org>,

If I send you a password locked VBA project, can you open it? My
current solution is to cypher the content and only allow decyphering
on a password being provided.

I scramble the code to make decompiling it harder, so it still boils
down to working out what bit of binary gloop does the decrypt and
running just that.

One of the problems with the test case I have implmented is that,
being a test case, there isnt much binary gloop to sort through which
if we using RSS or similar keys, wouldn't be so much a problem. I am
just using ROT13 for the sake of the exercise.

However, if you consider it easy to smash into protected VBA, then
this method starts to fall apart. The scrambler will slow you down a
lot, but hell, I used to manually decompile binary executables and
data files - no nice var names there but it never stopped me :-)

Steve Hudson - A 6502 EA drifting in cyberspace

steve from wordheretic.com (Email replies require payment)


Jonathan West reckoned:

>Forget about using Word as a secure editing or viewing environment. It isn't
>designed for it. Every so often, somebody comes along here with a wizard
>wheeze for securing documents, and on those occasions that they actually
>provide a sanple document, then it has never taken me longer than a couple
>of minutes to break the security.
>
>Once the document leaves your own secure environment, you cannot control it.
>
>You really need to use different technology for this instead of Word.

Jonathan
Mon Aug 02 03:09:32 CDT 2004


"Word Heretic" <myfullname@tpg.com.au> wrote in message
news:537rg0lb5juurlmc6s1ieh3nakkb7uq4qv@4ax.com...
> G'day "Jonathan West" <jwest@mvps.org>,
>
> If I send you a password locked VBA project, can you open it?

Yes, unfortunately. 5 seconds work. VBA passwords should not be regarded as
protection against anything more than casual curiosity.

> My
> current solution is to cypher the content and only allow decyphering
> on a password being provided.

Once the password has been given, there's nothing to prevent the document
being saved under another name, or being copied & pasted into another
document without the protection and then distributed far & wide. So even the
fact that the VBA code is password protected isn't much help. In fact, none
of the protection schemes I've seen (including content encryption decrypted
by embedded VBA code) required me to break the VBA password.

--
Regards
Jonathan West - Word MVP
www.intelligentdocuments.co.uk
Please reply to the newsgroup

Word
Mon Aug 02 07:13:27 CDT 2004

G'day "Jonathan West" <jwest@mvps.org>,

Yes, but no unauthorised folks can see / copy the document. That's all
you can really ask for...

Steve Hudson - Word Heretic
Want a hyperlinked index? S/W R&D? See WordHeretic.com

steve from wordheretic.com (Email replies require payment)


Jonathan West reckoned:

>
>"Word Heretic" <myfullname@tpg.com.au> wrote in message
>news:537rg0lb5juurlmc6s1ieh3nakkb7uq4qv@4ax.com...
>> G'day "Jonathan West" <jwest@mvps.org>,
>>
>> If I send you a password locked VBA project, can you open it?
>
>Yes, unfortunately. 5 seconds work. VBA passwords should not be regarded as
>protection against anything more than casual curiosity.
>
>> My
>> current solution is to cypher the content and only allow decyphering
>> on a password being provided.
>
>Once the password has been given, there's nothing to prevent the document
>being saved under another name, or being copied & pasted into another
>document without the protection and then distributed far & wide. So even the
>fact that the VBA code is password protected isn't much help. In fact, none
>of the protection schemes I've seen (including content encryption decrypted
>by embedded VBA code) required me to break the VBA password.

Jonathan
Mon Aug 02 07:15:37 CDT 2004

That assumes that your protection can't be broken without the password.
Unless you have thought of a way radically different from anything else that
has been tried, then I suspect I can break the document withiout too much
trouble. Would you care to email me a sample? I'll email it back to you with
protection removed if I can, and post the results back here (though not the
actual document.


--
Regards
Jonathan West - Word MVP
www.intelligentdocuments.co.uk
Please reply to the newsgroup

"Word Heretic" <myfullname@tpg.com.au> wrote in message
news:vtbsg016rmok1ftc32hakc4v0bf1i32p1b@4ax.com...
> G'day "Jonathan West" <jwest@mvps.org>,
>
> Yes, but no unauthorised folks can see / copy the document. That's all
> you can really ask for...
>
> Steve Hudson - Word Heretic
> Want a hyperlinked index? S/W R&D? See WordHeretic.com
>
> steve from wordheretic.com (Email replies require payment)
>
>
> Jonathan West reckoned:
>
> >
> >"Word Heretic" <myfullname@tpg.com.au> wrote in message
> >news:537rg0lb5juurlmc6s1ieh3nakkb7uq4qv@4ax.com...
> >> G'day "Jonathan West" <jwest@mvps.org>,
> >>
> >> If I send you a password locked VBA project, can you open it?
> >
> >Yes, unfortunately. 5 seconds work. VBA passwords should not be regarded
as
> >protection against anything more than casual curiosity.
> >
> >> My
> >> current solution is to cypher the content and only allow decyphering
> >> on a password being provided.
> >
> >Once the password has been given, there's nothing to prevent the document
> >being saved under another name, or being copied & pasted into another
> >document without the protection and then distributed far & wide. So even
the
> >fact that the VBA code is password protected isn't much help. In fact,
none
> >of the protection schemes I've seen (including content encryption
decrypted
> >by embedded VBA code) required me to break the VBA password.
>