SDX-Secure Document eXchange On Web

Chapter 1
INTRODUCTION
SDX On Web is a system that draws its inspiration from document-based organizations such as the ISO. During our study we found a need for open-source secure document exchange software. Our system distinguishes documents according to the hierarchy of the organization, which is especially useful during document retrieval and inspection. Additionally, the project serves as a template that can easily be customized for various organizations and educational institutions.
It is a system that can be used in an organization to manage documents across different departments. It provides robust, highly scalable, and secure on-line document management capabilities in a heterogeneous environment. The system provides a means by which employees of an organization can upload, read, delete, update or check in/out documents shared with each other, and provides a central repository for storing all organization-related documents.
The SDX On Web software is built as a three-tier web application utilizing Web Services (WS) to enhance the modularity and ease of development.
The first tier consists of the Graphical User Interface (GUI), which is displayed in a web browser when SDX On Web is activated. The GUI is generated by the server software, Microsoft IIS (Internet Information Services), coupled with Microsoft ASP.NET languages and technologies. As the user interacts with the software, the GUI modifies itself as necessary to display the correct information. Security is critical to the success of the system: all user interaction occurs at this tier, and therefore all input coming from this tier must be validated. When business logic is necessary, the first tier calls the web services in the second tier.
The second tier consists of a variety of web services that interact to fulfill the stated requirements of the customer. Web services provide the modularity required to structure the SDX On Web software efficiently.
Dept of CSE, RNSIT 2010-11 Page 1
Additionally, the Service Oriented Architecture allows the software development team to develop the various modules largely independently, increasing our productivity. Web services are organized into reusable workflows for the variety of use cases encountered. The business logic required in tier two includes input validation, user validation, document retrieval, user account creation and modification, writing to and reading from tier-three storage, and verification of user account rights.
The third and last tier is primarily a storage layer. Information such as user details, documents, and document-sharing information is stored at this layer. Storage is accomplished via the Microsoft SQL Server 2005 Express Edition relational database system, a well-known and proven solution for multi-user concurrent database storage. One of our primary requirements is to prevent access to this layer by unauthorized users.
Corporate-level management officials, such as the CEO, president and vice presidents: Corporate-level users include all the management officials who are responsible for the operations of multiple departments. They have the highest level of access rights: they can access any document in the departments they are responsible for, with full rights.
Department manager: A Department Manager is a special kind of employee who takes charge of the operations of a department. A Department Manager not only has the same privileges as regular employees but also additional access rights; in other words, the restrictions on the operations differ from those of Employees. Department Managers can delete all the documents in the department they are responsible for. However, Department Managers cannot access documents uploaded by corporate-level users unless those documents are shared with them.
Regular employees: Employees are users that have been approved by the System Administrator to have full access to the capabilities of the SDX On Web system. Employees may upload, view, share, delete, and check out documents, subject to restrictions: Employees may only delete documents they have authored, and a user sharing a document may restrict the sharing privileges to any combination of View, Update, and Check-in.
A user may thus be able to view, but not update, a document that has been shared with them. If a shared document has been checked out by another user, they lose the ability to update that document until it is checked in.
Temporary user: A Temporary User is a user that has signed up for an account but has not had their account approved by a System Administrator. Temporary users have no access to any part of the SDX on Web system.
Guest user: A Guest User is a user that has been approved by the System administrator. A Guest user is not an employee of the organization. Therefore, guest users cannot upload or delete any document. The only operations for Guest Users are to read, update or check in/out the documents which have been shared with him/her.
System administrators: System Administrators are users that manage the approval of other user accounts. They may not access any user's documents or personal data in any way. System Administrators maintain the system by reviewing the current system state via the System Log and by approving or denying users access to SDX On Web. After sign-up and approval by another System Administrator, the Department field of their account is inconsequential and is ignored, because System Administrators cannot access or modify Department documents.
Chapter 2
LITERATURE SURVEY
Google Docs
Google Docs is Google's "software as a service" office suite. Documents, spreadsheets and presentations can be created with Google Docs, imported through the web interface, or sent via email. Documents can be saved to a user's local computer in a variety of formats, including ODF, HTML, PDF, RTF, Text, and Microsoft Word. Documents are automatically saved to Google's servers to prevent data loss, and a revision history is automatically kept. Documents can be tagged and archived for organizational purposes. The service is officially supported on recent versions of the Firefox, Internet Explorer, Safari and Chrome browsers running on the Microsoft Windows, Apple OS X, and Linux operating systems. Google Docs serves as a collaborative tool for editing amongst users and non-users in real time. Documents can be shared, opened, and edited by multiple users at the same time. Users can be notified of changes to any specified regions via e-mail. The application supports two ISO standard document formats: OpenDocument (for both opening and exporting) and Office Open XML (for opening only). It also includes support for proprietary formats such as .doc and .xls.
IBM Doors
The doors subsystem is implemented as a user-space library with some kernel support, and relies heavily on threads. It is designed for low overhead, and the Solaris implementation uses some assembler code for maximum efficiency. Doors are created by server processes (which must use threads) and called by client processes. (It is possible for one process to both create and call a door.) When creating a door, the server must specify a server procedure, which will be called by the doors library on behalf of clients. Unlike most remote procedure call systems, each door has only one server procedure.
A server can "attach" a door to a file, enabling clients to connect to that door simply by opening that file. The ls -l command will then show the file with a 'type' of "D" (not to be confused with "d" for a directory) for example:
Clients use door_call() to invoke the door's server procedure, passing a contiguous region of memory and a list of file descriptors as arguments, and getting back another contiguous region and list of file descriptors. Either region may be empty, as may either list. Usually, two C structs will be defined, one for the input data and one for the output data. (Alternatively, tagged unions may be used, allowing a door procedure to provide multiple actions in much the same way as the ioctl system call.) Every file descriptor is accompanied by a flags word. The DOOR_RELEASE flag requests that a file descriptor be closed in the sending process after being duplicated in the receiving process. If a file descriptor that refers to a door is sent, the system records the properties of that door in the flags word.
OpenDocMan
Document management software, and document management in general, is based around a concept of centralized document storage, limited access, and change tracking. These three DMS software fundamentals make up much of ISO 17025 in regard to document management systems.
Centralized Document Storage: Any decent document management system (DMS), whether open source or commercial, will allow documents to be stored in some sort of centralized location. This makes finding documents in the DMS much easier, as there is only one place to look.
Limited Access: Having a centralized location to store files is not enough to call a product a document management system. A simple folder on a computer can store files, but limiting access to specific individuals becomes more of a problem. A good DMS will allow fine-grained access control on each and every file.
Limiting access to the DMS files is a step in the right direction, but it does no good if the files can be changed, added or removed without tracking of those actions. A good document management system adds change tracking for the files so that changes can be noted and reversed if need be.
Chapter 3
PROBLEM STATEMENT
3.1 Proposed System
SDX On Web is a software system that facilitates access to all the documents within an organization through the Internet. An organization often needs to track the various documents generated by all its users. For example, the Human Resources Department keeps track of all pay-roll and benefits information, the Sales Department maintains sales records, and so on. This project develops SDX On Web to facilitate the management of, and access to, all the documents of the organization. A user should be able to use the system from any place and at any time where Internet access and a web browser are available.
The documents of the departments can have different formats: Word, Excel, PowerPoint, PDF, text and image files. The system maintains all the documents and the related meta-data, such as authors, titles, departments, creation time, last access time, and modification dates and times.
Users
Users of this system can be categorized according to their roles. This project considers the following roles:
1. Corporate-level management officials, such as CEO, president, vice presidents, responsible for the operations of multiple departments.
2. Department manager: responsible for the operations of a department.
3. Regular employees: responsible for generating and maintaining most of the documents in departments.
4. System administrators: maintain all the user accounts.
5. Temporary user: a user account created for a new user.
6. Guest user: a guest user who is not an employee of the organization.
2) Different user roles should have different privileges. The following are the general rules:
A corporate-level management official
o can upload, read, delete, update or check in/out all the documents in the departments he/she is responsible for
A department manager
o can upload, read, delete, update or check in/out all the documents in the department he/she is responsible for
o does not have access privilege on any document uploaded by corporate-level management officials unless a corporate-level management official specifies to share the document with him/her
A regular employee
o can upload, read, delete, update or check in/out the documents he/she created (he/she is the author) in his/her department
o does not have access privilege on any document uploaded by department managers or corporate-level management officials unless a department manager specifies to share the document with him/her
A system administrator
o can verify new user requests and assign proper roles
o can add/modify/delete user accounts
o can access the system log file
o cannot access any document uploaded by users
A guest user
o cannot upload or delete any document
o can read, update or check in/out the documents that have been shared with him/her
Document Management
1) The system should provide the following operations after a user has signed in (all operations should be provided only to users with the proper privileges):
a. Show Document List: Show the list of documents and the meta-data related to them.
b. Upload: Upload a document to the server with its meta-data.
c. Read: Read a document by clicking its link.
d. Delete: Delete a document.
e. Update: Update the content or meta-data of a document.
f. Check-in/Check-out: The Check-Out option should be used when a user wants to temporarily lock a document in order to restrict other users from accessing it. When a document is checked out, no other user can update or check out the document until it is checked in; other users can only read the document. Only the user who checked out the document can update and check it in.
g. Share a Document: Multiple departments may need to share a document. A user can share a document with users in other departments by specifying the following:
User ID(s)
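The role privilege rules listed under Users and the check-out lock described under Check-in/Check-out, combined into one decision function. This is an added worked example in Python, not code from the SDX On Web project (which is C#/ASP.NET); the users, documents and shares are constructed here, and the rule that another user's documents are reachable only through a share is an assumption where the text is silent.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Roles named in the problem statement.
CORPORATE, MANAGER, EMPLOYEE, ADMIN, GUEST, TEMPORARY = (
    "corporate", "manager", "employee", "sysadmin", "guest", "temporary")
FULL = frozenset({"read", "delete", "update", "checkin", "checkout"})
SHAREABLE = frozenset({"read", "update", "checkin", "checkout"})  # a share never confers delete

@dataclass(frozen=True)
class User:
    uid: str
    role: str
    dept: Optional[str] = None               # home department
    manages: FrozenSet[str] = frozenset()    # departments the user is responsible for

@dataclass
class Document:
    doc_id: str
    owner: str                               # uid of the uploader (author)
    dept: str
    checked_out_by: Optional[str] = None     # uid holding the check-out lock, if any

@dataclass(frozen=True)
class Share:
    doc_id: str
    target: str                              # uid the document is shared with
    rights: FrozenSet[str]                   # subset of SHAREABLE

def shared_rights(doc: Document, user: User, shares: List[Share]) -> set:
    """Rights explicitly granted to `user` on `doc` through shares."""
    rights = set()
    for s in shares:
        if s.doc_id == doc.doc_id and s.target == user.uid:
            rights |= s.rights & SHAREABLE
    return rights

def role_rights(user: User, doc: Document, owner_role: str, shares: List[Share]) -> set:
    """Operations the role rules grant on `doc`, before the check-out lock is applied."""
    if user.role == CORPORATE and doc.dept in user.manages:
        return set(FULL)      # full rights in every department they are responsible for
    if user.role == MANAGER and doc.dept in user.manages and owner_role != CORPORATE:
        return set(FULL)      # full rights in own department, except corporate uploads
    if user.role == EMPLOYEE and doc.owner == user.uid:
        return set(FULL)      # full rights on documents they authored
    # Everything else (guests, corporate uploads seen by a manager, other users'
    # documents seen by an employee) is reachable only through an explicit share.
    return shared_rights(doc, user, shares)

def can(user: User, doc: Optional[Document], op: str,
        users: Dict[str, User], shares: List[Share]) -> bool:
    """Decide whether `user` may perform `op` (on `doc`, unless op is "upload")
    under the role rules and the check-out lock; `users` maps uid -> User."""
    if user.role in (ADMIN, TEMPORARY):
        return False          # admins never touch documents; temporary users have no access
    if op == "upload":
        return user.role in (CORPORATE, MANAGER, EMPLOYEE)   # guests never upload
    if op not in role_rights(user, doc, users[doc.owner].role, shares):
        return False
    holder = doc.checked_out_by
    if op == "checkin":
        return holder == user.uid              # only the holder can check in
    if op == "checkout":
        return holder is None                  # no second check-out while locked
    if op == "update":
        return holder is None or holder == user.uid
    return True                                # read (and delete) unaffected by the lock

def sample_world():
    """Constructed sample data: a corporate officer over sales and hr, a sales
    manager, two sales employees, a guest, an administrator and a temporary user."""
    users = {
        "ceo1": User("ceo1", CORPORATE, manages=frozenset({"sales", "hr"})),
        "mgr1": User("mgr1", MANAGER, "sales", frozenset({"sales"})),
        "emp1": User("emp1", EMPLOYEE, "sales"),
        "emp2": User("emp2", EMPLOYEE, "sales"),
        "guest1": User("guest1", GUEST),
        "admin1": User("admin1", ADMIN),
        "tmp1": User("tmp1", TEMPORARY),
    }
    docs = {
        "d1": Document("d1", "emp1", "sales"),
        "d2": Document("d2", "ceo1", "sales"),                        # corporate upload
        "d3": Document("d3", "emp2", "sales", checked_out_by="emp2"), # locked by emp2
    }
    shares = [
        Share("d2", "mgr1", frozenset({"read"})),                     # read-only share
        Share("d1", "guest1", SHAREABLE),                             # all a share can give
        Share("d3", "emp1", frozenset({"read", "update"})),
    ]
    return users, docs, shares
```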
Other Requirements
a. System Audit: SDX On Web should maintain a log file which records every operation performed on any document in the system. The system administrator should be able to keep track of who has performed what operations on which documents at what time.
b. Transmitting a sensitive document through the Internet is not secure against eavesdropping, tampering and message forgery. SDX On Web should provide end-to-end confidentiality and authentication.
c. SDX On Web should allow multiple users to use the system at the same time.
unauthorized real-time interception of a private communication, such as a phone call, instant message, video conference or fax transmission. Forgery is the illegal modification or reproduction of an instrument or document.
Chapter 4
SYSTEM DESIGN
4.1 System Architecture
The architecture of SDX On Web is divided into three parts. The presentation part contains all the user-interactive pages. These are the .aspx pages which allow the system administrator to look into user activities and allow users to perform operations such as registering with the system and logging in to their personalized portal. Once the system administrator logs in, he can view all the users in the system, grant or deny them access, and view the system log.
The second part is the business logic. It consists of the core application logic. For example, the business tier may accept a request from the presentation tier, query the data tier and return the requested data.
The third part is the storage. It consists of classes and objects and the metadata that defines these objects. The classes may be User, Role, Right, Department, Document and so on.
In an incremental development process, customers identify, in outline, the services to be provided by the system. They identify which of the services are most important and which are least important to them. A number of delivery increments are then defined, with each increment providing a sub-set of the system functionality. The allocation of services to increments depends on the service priority with the highest priority services delivered first.
Once the system increments have been identified, the requirements for the services to be delivered in the first increment are defined in detail, and that increment is developed. During development, further requirement analysis for later increments can take place, but requirements changes for the current increment are not accepted.
Once an increment is completed and delivered, customers can put it into service. This means that they take early delivery of part of the system functionality. They can experiment with the system that helps them clarify their requirements for later increments and for later versions of the current increment. As new increments are completed, they are integrated with the existing increments so that the system functionality improves with each delivered increment. The common services may be implemented early in the process or may be implemented incrementally as functionality is required by an increment.
4.3 Workflows
User Input Security Verification Service Workflow
User Input Security Verification Service - A workflow wrapped into a service, composed from other services, that detects JavaScript and SQL injection attempts in a string. Returns success if there are no injection attempts, fail otherwise. The two services may also be run in parallel if the platform supports it.
JavaScript Injection Detection Service - Detects whether the input string is an XSS attempt by detecting JavaScript; returns succeed if none is detected, fail otherwise.
SQL Injection Detection Service - Detects whether the input string is an SQL injection; returns succeed if it is not, fail otherwise.
Login Service - A composition-based service comprised of a series of services to see whether the user has logged in successfully. Success means that the user has logged in to SDX On Web; failure otherwise.
User Input Security Validation Service - See Workflow 1: User Input Security Verification Service Workflow.
Username and Password Verification Service - Checks the database to see whether the user's username and password are correct. Succeeds if correct, fails otherwise.
Is User Logged in Already Service - Checks the system to see whether the user is logged in elsewhere; if the same user is logged in at multiple places simultaneously, the system assumes a breach of security has occurred. Succeeds if the user is not logged in elsewhere, fails otherwise.
System Logging Service - Records the action that has just taken place in the system log.
Login Service - A composition-based service comprised of a series of services to see whether the user has logged in successfully. Success means that the user has logged in to SDX On Web; failure otherwise.
Get All Temporary User Requests Service - Gets a list of all temporary users and their requests whose access rights have not yet been decided.
Get All System Users Service - Gets a list of all users in the organization.
Get System Log Service - Gets all the messages in the system log.
Give User Access Service - Gives the user the access rights specified in the request.
Deny User Access Service - Denies the temporary user access rights (or the transition out of temporary user).
System Logging Service - Records the action that has just taken place in the system log.
Workflow for a new user requesting an account:
User Input Security Verification Service - See above.
User Request Filing Service - Records the new account details and request details in the database.
System Logging Service - Records the action that has just taken place in the system log.
User_id=1?: Here the UserID is checked. If the user is a temporary user then the login page is displayed; otherwise the user's documents are displayed.
Documents to Check-Out: The user selects the documents and can check them out using the Check-Out button.
Button Check-Out click: When this button click is true and documents are selected, control goes to the Document Check-Out Service.
Document Check-Out Service: The checked-out documents are put into the object reference doc_checked. If this is done successfully then the document is checked out; otherwise it is not checked out.
List Service: This service loads the documents the user is allowed to view into the drop-down list.
Select Document: The document to be viewed is selected.
View Document Service and Decryption: This service decrypts and opens the respective document to be viewed. A pop-up asks whether to open or save the document. If this service returns true then the system log is updated; otherwise an error occurs.
Name of file: A name is given to the file being uploaded.
Browse for file: The file is browsed from the user's system. This functionality is provided by the FileUpload class.
Click upload button: The Upload button is clicked after browsing.
Upload and Encryption Service: The uploaded file is checked for the correct extension and is encrypted using the Rijndael encryption algorithm. The result of this service is logged.
Target File: The file to be updated is chosen.
Source File: This is the file that replaces the target file in the system. It is chosen by browsing for the file on the user's system and must have the same extension as the target file.
Update and Encryption Service: The updated file is checked for the correct extension and is encrypted using the Rijndael encryption algorithm. The result of this service is logged.
Select document: The documents are displayed using ListItem and one of them is chosen.
Confirm Check-In: The check box must be ticked to confirm the check-in, and then the Check-In button is clicked.
Check-In Service: This service removes the document from the object reference doc_checked. The result of this service is logged in the system.
Enter old password: The user must enter the password that is to be changed.
Enter new password and re-type: The required password is typed and re-typed so that it can be confirmed.
Change Password Service: This service is called on the Change Password button click. It replaces the old password with the new password.
Select Document: A document is chosen for deletion from the list.
Delete Document Service: The chosen document is removed from the object reference document. The result of this service is logged.
Logout Workflow
Enter email-id: The email-id of the user who has forgotten his/her password is entered.
Validate id: Checks whether the email syntax is proper and whether the user exists. If either check fails the user is navigated to the login page; otherwise to the send-new-password page.
User enters details: Here the user enters his/her details such as security answer, role and department, then clicks the GetNewPassword button.
SQLInjection Detection and Detect XSSAttempt Service: These services detect SQL injection and XSS attempts respectively.
Match details: The entered details are matched against the details in the database.
Generate new password: If the details match, a new password is generated and sent to the user's email using the EmailClient Service.
Target Username: The name of the user with whom the document is to be shared.
Select Document: Select the document to be shared.
Appropriate access: Grant only the required access and click the Share button.
Share Document Service: Depending on the rights granted and the rights of the user, the document is shared. The system logging is done at the end depending upon the result of the service.
Document Management
The above workflow describes how a user can interact with a document and the services required to do so.
Login Service - A composition-based service comprised of a series of services to see whether the user has logged in successfully. Success means that the user has logged in to SDX On Web; failure otherwise.
Read Document Service - Displays a copy of the document to the user.
Delete Document Service - Removes the document from the SDX On Web system.
Share Document Service - Shares the current document with a specified user.
Check-In/Check-Out Service - Check-out prevents the document from being updated so that the user has exclusive access; check-in removes the exclusive access.
Update Document Service - Retrieves the documents that can be updated (which documents the user has access to is calculated in the database) and updates the document by uploading a new version.
System Logging Service - Records the action that has just taken place in the system log.
The above diagram is the Entity-Relationship Diagram for the objects we have used. The links between objects represent how the objects depend on and relate to each other, and the golden key shown in an object represents the primary key of that object.
Chapter 5
REQUIREMENTS
5.1 Hardware Requirements
Intel Processor/Celeron or AMD processor.
RAM higher than 512 MB.
Hard disk space for the documents to be stored.

Operating system equal to or newer than Windows XP.
Web browser equal to or newer than IE 9.0 beta, Firefox 3.4, or Chrome.
SSL 3.0 activated in the web browser.
Firewall (optional but strongly recommended).
A valid email address for account registration.
SQL Server 2005 Express Edition.
Needs to be web based and available to users 24/7. It should allow users to log in using their username/password and perform operations (according to their rights) on company documents.
The system should maintain all documents and related meta data. A new user is considered as a temporary user and cannot do anything except sending a request to the system administrator.
The system should provide the following operations to a signed-in user: show document list, upload, read, delete, update, check in/out and share documents.
User Interface: The website must be usable from any browser under any operating system.
Hardware Interfaces: SDX On Web should be implemented in a hardware-independent fashion and should not rely on any particular hardware interfaces.
Software Interfaces: The document repository will be held in a SQL database, and C# will be used to interface with the database.
Communication Interface: A web service layer implementing WCF (Windows Communication Foundation).
Secure Socket Layer (HTTPS) will provide users with an encrypted form for security.
The system shall provide encryption to meet the security requirement. The system shall be able to support up to 3000 transactions per hour, with an average response time of 3 seconds and a maximum response time of 10 seconds.
The system shall be available 24 hours per day, 7 days per week. The system shall be capable of being accessed by multiple users. The system shall have a server application that performs all analysis, database retrieval, and real-time queries.
Ability of the system to securely store document data and related meta data.
Ability of the system to securely store user account and corresponding rights information.
Log Activities: Activities should be correctly logged, and the logs should be kept highly confidential and protected against vulnerabilities such as deletion of logs and access to the log file to gain information.
SQL Injection: Validate user input for SQL injection. Use stored procedures.
Session Validation and Hijacking: Start and end the session with user login and logout respectively. Time out the session if the user is idle.
Cross Site Scripting: The application needs to be protected from cross-site scripting.
Chapter 6
IMPLEMENTATION
6.1 Implementation Plan
AnkhSVN Subversion
AnkhSVN is a free Subversion client. It is a software versioning and revision control system implemented as a source-control plug-in for Microsoft Visual Studio 2005, 2008, 2010+. It is released under the Apache License. It provides an interface to perform the most common revision control operations directly from inside the VS.NET IDE. Changes are usually identified by a number or letter code, termed the "revision number", "revision level", or simply "revision". For example, an initial set of files is "revision 1". When the first change is made, the resulting set is "revision 2", and so on. Each revision is associated with a timestamp and the person making the change. Revisions can be compared, restored, and with some types of files, merged.
Email-Client
An email client, email reader, or more formally mail user agent (MUA), is a computer program used to manage a user's email. The term can refer to any system capable of accessing the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human typing on a terminal. In our project we use email-client to send a password that is randomly generated to the inbox of the respective user in case of forgotten password.
6.2 Pseudo-Code
Name: CeoService
Input: user name, user id, file name, file path
Output: None

function shareOnUpload(userid, fileName, fileUploadPath)
// When a subordinate uploads a file, it is implicitly shared with the CEO
begin
    deptid <- fetch department id using userid
    ceoName <- fetch CEO id belonging to that department
    docid <- fetch document id using fileName
    ShareDocument(ceoName, userid, docid, true, true, true)
end

function newCEO(userid, user_name)
// Share all the documents of subordinates with a new CEO created for that department
begin
    deptID <- fetch the department id to which the user belongs
    doc_id_list <- fetch all the documents using deptID that belong to subordinates of that department
    foreach docid in doc_id_list do
    begin
        source <- fetch document owner's id
        ShareDocument(user_name, source, docid, true, true, true)
    end
end
Name: CheckOutService
Input: array of document names, userID of the user who wants to check out, email IDs of the owners who own the documents
Output: Returns "Document Checked Out" if the check-out is successful, else "Document already exists" if the document has already been checked out.

function checkOut(array docName, userID, array emailID)
// This function checks out a document if it has not been checked out already.
// Check-out puts a lock on the document.
begin
    for i <- 0; i < docName.Length; inc i by 1 do
    begin
        userIDVal[i] <- fetch user id using emailID[i]
        docId[i] <- fetch document id using docName[i]
    end
    returnval <- 0
    for i <- 0; i < docId.Length; inc i by 1 do
    begin
        if docId[i] not equal to 0 then
        begin
            DocumentListData(userIDVal[i], docName[i])
            check out document
            if checkout successful then
            begin
                returnval <- 1
            end
        end
    end
    if returnval equals 0 then
    begin
        return "Document already exists"
    end
    else
    begin
        return "Document Checked Out"
    end
end
Name: DeleteDocumentService
Input: doc ID of the document to be deleted
Output: Returns "Success." if deleting the document is successful, else "Failure." if the document cannot be deleted.

function DeleteDocument(docid)
begin
    result <- "Failure."
    delete the document from the system
    if delete successful then
    begin
        result <- "Success."
    end
    return result
end
Name: DetectXSSAttemptService
Input: input string
Output: Returns true if an attempt at cross-site scripting is detected, else false

function IsXSSInjection(input)
begin
    if (input Contains("<applet") || input Contains("<body") || input Contains("<embed") ||
        input Contains("<frame") || input Contains("<script") || input Contains("<frameset") ||
        input Contains("<html") || input Contains("<iframe") || input Contains("<img") ||
        input Contains("<style") || input Contains("<layer") || input Contains("<link") ||
        input Contains("<ilayer") || input Contains("<meta") || input Contains("<object") ||
        input Contains("<src") || input Contains("<lowsrc") || input Contains("<href")) then
    begin
        return true
    end
    else
    begin
        return false
    end
end
Name: DocumentListService
Input: userid
Output: None
Lists the documents owned by or shared with the user. Displays a check box to check out each document that is not already checked out.
Name: EmailClientService
Input: username
Output: Returns true if the new password is sent successfully, else false

function CreateRandomPassword()
begin
    allowedChars <- "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ0123456789!@$?_-"
    for i <- 0; i < 6; inc i by 1 do
    begin
        chars[i] <- allowedChars[rd.Next(0, allowedChars.Length)]
    end
    chars[6] <- '@'
    chars[7] <- '5'
    chars[8] <- 'w'
    return chars
end

function sendMail(username)
begin
    safeMode <- false
    newPass <- CreateRandomPassword()
    client <- SmtpClient("smtp.gmail.com", 587)
    client.EnableSsl <- true
    add username as recipient
    add new password as message body
    set the sender as administrator
    set the subject <- "New password generated"
    set network credentials
    change the password in the system
    if successful then
    begin
        send the mail
        safeMode <- true
    end
    return safeMode
end
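As an added example, not the report's code, CreateRandomPassword in Go over the report's own character set, but drawn from crypto/rand rather than rd.Next and with rejection sampling so that every character is equally likely; the report's fixed "@5w" suffix is dropped, since constant characters add no unpredictability, and the length is a parameter.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"strings"
)

// allowedChars is CreateRandomPassword's character set from the report, which
// leaves out lower-case l and upper-case I (easily confused with 1).
const allowedChars = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ0123456789!@$?_-"

// RandomPassword returns n characters drawn uniformly from allowedChars using
// crypto/rand (the report's rd.Next is a non-cryptographic generator). One
// random byte is drawn per character; values of 198 and above are discarded so
// that reducing modulo 66 does not favour the first few characters.
func RandomPassword(n int) (string, error) {
	if n <= 0 {
		return "", fmt.Errorf("password length must be positive, got %d", n)
	}
	limit := 256 - 256%len(allowedChars) // 198: largest multiple of 66 that fits in a byte
	out := make([]byte, 0, n)
	buf := make([]byte, 1)
	for len(out) < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		if int(buf[0]) >= limit {
			continue // rejected; draw again
		}
		out = append(out, allowedChars[int(buf[0])%len(allowedChars)])
	}
	return string(out), nil
}

// FromAllowedSet reports whether every character of pw is in allowedChars,
// a check on generated values and on a reset password typed back in.
func FromAllowedSet(pw string) bool {
	for _, r := range pw {
		if !strings.ContainsRune(allowedChars, r) {
			return false
		}
	}
	return true
}

func main() {
	pw, err := RandomPassword(9) // the report's generator also produced 9 characters
	fmt.Println(pw, err, FromAllowedSet(pw))
}
```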
Name: LoginService
Input: regular expression for password, username, password
Output: Returns user object

function Login(RegexPassword, username, password)
begin
    safeMode <- UserTransferObject()
    sqlinjection <- true
    xssinjection <- true
    regexfiltered <- false
    detect sql injection for username and password
    if injected then
    begin
        return safeMode
    end
    detect xss attempt for username and password
    if detected then
    begin
        return safeMode
    end
    verify username for email syntax
    if invalid then
    begin
        return safeMode
    end
    verify the password against the regular expression for password
    if invalid then
    begin
        return safeMode
    end
    authenticate the user
    set the user object with authenticated attributes
    return user object
end
Input: user name, user id, file name, file path
Output: None

function shareOnUpload(userid, fileName, FileUploadPath)
// When a subordinate uploads a file, it is implicitly shared with the Manager
begin
    deptid <- fetch Department ID using user id
    managerName <- fetch Manager Id belonging to that department
    doc_id <- fetch document id using fileName
    ShareDocument(managerName, userid, doc_id, true, true, true)
end

function newManager(userid, user_name)
// Share all the documents of subordinates with a new Manager created for that department
begin
    deptID <- fetch the department id to which the user belongs
    doc_id_list <- fetch all the documents using deptID where all the documents belong to the subordinates of that department
    foreach document in doc_id_list do
    begin
        source <- fetch document owner's id
        ShareDocument(user_name, source, document, true, true, true)
    end
end
Description: Changes password upon request
Input: Username of the user, old password of the user, new password of the user, re-entered new password
Output: Returns true if the password is changed, otherwise false

function ChangePassword(username, oldPass, newPass, confirmPass)
begin
    safemode <- false
    DetectSQL(oldPass)
    if found then
    begin
        return safemode
    end
    DetectSQL(newPass)
    if found then
    begin
        return safemode
    end
    DetectSQL(confirmPass)
    if found then
    begin
        return safemode
    end
    IsXSSInjection(oldPass)
    if found then
    begin
        return safemode
    end
    IsXSSInjection(newPass)
    if found then
    begin
        return safemode
    end
    IsXSSInjection(confirmPass)
    if found then
    begin
        return safemode
    end
    if oldPass equals newPass then
    begin
        return safemode
    end
    if newPass != confirmPass then
    begin
        return safemode
    end
    if newPass does not match standard then
    begin
        return safemode
    end
    change the password in the system
    if successful then
    begin
        safemode <- true
    end
    return safemode
end
Name: SQLInjectionDetectionService
Input: Input string
Output: Returns true if SQL Injection is detected, else false

function DetectSQL(input)
begin
    detect SQL injection in input
    if found then
    begin
        return true
    end
    else
    begin
        return false
    end
end

Name: AddToDepartmentService
Input: Username, Department
Output: none

function Add(username, department)
begin
    get userID
    add the user to the department
end
Name: CheckInService
Input: docID, userID
Output: Returns "Document checked in" if the document check-in is successful, otherwise failure

function CheckIn(docID, userID)
begin
    check in document
    if checkin successful then
    begin
        return "Document checked in"
    end
    else
    begin
        return failure
    end
end
Output: Returns true if the user is registered successfully, otherwise false.

function RegisterNewUser(emailid, password, confirmpassword, request, role, department, altEmail, question, answer)
begin
    safeMode <- false
    emailSyntaxValidation <- true
    sqlinjection <- true
    xssinjection <- true
    regexfiltered <- false
    array strFields <- emailid, password, confirmpassword
    for i <- 0; i < strFields.Length; inc i by 1 do
    begin
        sqlinjection <- detectSQL.DetectSQL(strFields[i])
        if sqlinjection then
        begin
            return safeMode
        end
    end
    for i <- 0; i < strFields.Length; inc i by 1 do
    begin
        xssinjection <- detectXSS.IsXSSInjection(strFields[i])
        if xssinjection then
        begin
            return safeMode
        end
    end
    emailSyntaxValidation <- emailcheck.VerifyEmail(emailid)
    if not emailSyntaxValidation then
    begin
        return false
    end
    emailSyntaxValidation <- emailcheck.VerifyEmail(altEmail)
    if not emailSyntaxValidation then
    begin
        return false
    end
    passMatch <- passwordMatch(password, confirmpassword)
    if not passMatch then
    begin
        return false
    end
    emailid <- detectXSS.EncodeString(emailid)
    request <- detectXSS.EncodeString(request)
    altEmail <- detectXSS.EncodeString(altEmail)
    add new user
    safeMode <- true
    return safeMode
end
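As an added example, not the report's code, here is the validation chain that DetectXSSAttemptService, LoginService, ChangePassword and RegisterNewUser share, written in Go: the tag blacklist exactly as the report lists it, the email syntax check, the password-policy check (the report does not print its regular expression, so the policy below is an assumption) and the EncodeString step; the DetectSQL step is left out because the report gives no rule for it.

```go
package main

import (
	"fmt"
	"html"
	"net/mail"
	"regexp"
	"strings"
)

// xssTags is the blacklist from DetectXSSAttemptService, in the report's order.
var xssTags = []string{
	"<applet", "<body", "<embed", "<frame", "<script", "<frameset",
	"<html", "<iframe", "<img", "<style", "<layer", "<link", "<ilayer",
	"<meta", "<object", "<src", "<lowsrc", "<href",
}

// IsXSSInjection mirrors the pseudocode's Contains() chain. The input is
// lower-cased first so that mixed-case tags are caught too; the report's
// Contains() is case-sensitive as written.
func IsXSSInjection(input string) bool {
	lower := strings.ToLower(input)
	for _, tag := range xssTags {
		if strings.Contains(lower, tag) {
			return true
		}
	}
	return false
}

// VerifyEmail is the "verify username for email syntax" step: the value must
// parse as a single bare address (no display name, no angle brackets).
func VerifyEmail(addr string) bool {
	parsed, err := mail.ParseAddress(addr)
	return err == nil && parsed.Address == addr
}

// policyChecks stands in for "the regular expression for password", which the
// report does not print. Assumed policy: 8+ characters with a lower-case
// letter, an upper-case letter, a digit and one symbol from the report's
// password character set.
var policyChecks = []*regexp.Regexp{
	regexp.MustCompile(`[a-z]`),
	regexp.MustCompile(`[A-Z]`),
	regexp.MustCompile(`[0-9]`),
	regexp.MustCompile(`[!@$?_\-]`),
}

func PasswordMeetsPolicy(pw string) bool {
	if len(pw) < 8 {
		return false
	}
	for _, re := range policyChecks {
		if !re.MatchString(pw) {
			return false
		}
	}
	return true
}

// ValidateChangePassword applies ChangePassword's checks in the report's order
// and returns the "safemode" result (false on rejection) with a reason to log.
func ValidateChangePassword(oldPass, newPass, confirmPass string) (bool, string) {
	for _, f := range []string{oldPass, newPass, confirmPass} {
		if IsXSSInjection(f) {
			return false, "xss attempt detected"
		}
	}
	switch {
	case oldPass == newPass:
		return false, "new password equals old password"
	case newPass != confirmPass:
		return false, "new password and confirmation differ"
	case !PasswordMeetsPolicy(newPass):
		return false, "new password does not meet policy"
	}
	return true, "ok"
}

// EncodeField is the EncodeString / Server.HtmlEncode step that RegisterNewUser
// and ShareDocument apply to values that are stored and later rendered.
func EncodeField(s string) string {
	return html.EscapeString(s)
}

func main() {
	ok, why := ValidateChangePassword("Old-Pass1", "New-Pass2", "New-Pass2")
	fmt.Println(ok, why, VerifyEmail("alice@example.com"), EncodeField("<b>x</b>"))
}
```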
Name: ShareDocumentService
Input: username_target, userid_source, docid, read, update and check
Output: returns "success" if the document is shared, otherwise false

function ShareDocument(username_target, userid_source, docid, read, update, check)
begin
    returnvalue <- 0
    username_target <- Server.HtmlEncode(username_target)
    check if the user exists
    if not found then
    begin
        return "user does not exist"
    end
    get userID userid_target
    if not found then
    begin
        return "could not find user"
    end
    returnvalue <- share the document with userid_target, granting the read, update and check rights
    if returnvalue equals 0 then
    begin
        return false
    end
    return "success"
end
Name: UpdateService
Input: filename, fileUpdateDoc, userid, docid
Output: returns "success" if the document is successfully updated, otherwise false.

function UpdateFileService(FileName, fileUpdateDoc, userId, docid)
begin
    fileOK <- false
    extensionOK <- false
    path <- Server.MapPath("Files")
    returnvalue <- 0
    result
    fileExtension <- System.IO.Path.GetExtension(fileUpdateDoc.FileName).ToLower()
    vds <- vds.GetFileService(docid)
    if fileUpdateDoc.HasFile then
    begin
        allowedExtensions <- ".pdf", ".doc", ".txt", ".docx", ".rtf", ".ppt", ".pptx", ".jpg", ".bmp", ".png", ".jpeg", ".gif", ".tiff", ".xls", ".xlsx"
        for i <- 0; i < allowedExtensions.Length; inc i by 1 do
        begin
            if fileExtension equals allowedExtensions[i] then
            begin
                extensionOK <- true
            end
        end
    end
    uploadedFile <- fileUpdateDoc.PostedFile
    fileLength <- uploadedFile.ContentLength
    if fileLength less than 1 then
    begin
        result <- "No file found."
        return result
    end
    if uploadedFile.ContentType equals "application/msword" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.openxmlformats-officedocument.wordprocessingml.document" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/pdf" then begin fileOK <- true end
    if uploadedFile.ContentType equals "text/plain" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/rtf" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/jpeg" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/pjpeg" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/bmp" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/png" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/tiff" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/gif" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.ms-excel" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.ms-powerpoint" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.openxmlformats-officedocument.presentationml.presentation" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" then begin fileOK <- true end
    if fileOK && extensionOK then
    begin
        uploadedFile.InputStream.Read(docData, 0, fileLength)
        docId <- docService.DocumentListData(userId, FileName)
        roleid <- 0
        get user role
        if roleid not equal to 0 then
        begin
            RijndaelService rs
            array docData1
            docData1 <- rs.Encrypt(docData)
            length <- docData1.Length
            update document
        end
    end
    else
    begin
        result <- "Cannot accept files of this type."
        return result
    end
    if returnvalue equals 1 then
    begin
        result <- "Success."
    end
    else
    begin
        result <- "Database error or bad arguments."
    end
    return result
end
Name: UploadCheckService
Input: userid, docname and fileUploadDoc
Output: none

function insertIntoTable(userid, docname, fileUploadDoc)
begin
    docid <- 0
    fetch doc_ID using doc_title
    fill Doc_Checked reference
end
Name: UploadService
Input: documentName, fileUploadDoc and userid
Output: returns "success" if the document is uploaded successfully, otherwise false.

function UploadFileService(documentName, fileUploadDoc, userid)
begin
    returnvalue <- 0
    fileOK <- false
    extensionOK <- false
    path <- Server.MapPath("Files")
    result
    fileExtension <- System.IO.Path.GetExtension(fileUploadDoc.FileName).ToLower()
    if fileUploadDoc.HasFile then
    begin
        allowedExtensions <- ".pdf", ".doc", ".txt", ".docx", ".rtf", ".ppt", ".pptx", ".jpg", ".bmp", ".png", ".jpeg", ".gif", ".tiff", ".xls", ".xlsx"
        for i <- 0; i < allowedExtensions.Length; inc i by 1 do
        begin
            if fileExtension equals allowedExtensions[i] then
            begin
                extensionOK <- true
            end
        end
    end
    uploadedFile <- fileUploadDoc.PostedFile
    fileLength <- uploadedFile.ContentLength
    if fileLength less than 1 then
    begin
        result <- "No file found."
        return result
    end
    if uploadedFile.ContentType equals "application/msword" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.openxmlformats-officedocument.wordprocessingml.document" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/pdf" then begin fileOK <- true end
    if uploadedFile.ContentType equals "text/plain" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/rtf" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/jpeg" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/pjpeg" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/bmp" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/png" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/tiff" then begin fileOK <- true end
    if uploadedFile.ContentType equals "image/gif" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.ms-excel" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.ms-powerpoint" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.openxmlformats-officedocument.presentationml.presentation" then begin fileOK <- true end
    if uploadedFile.ContentType equals "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" then begin fileOK <- true end
    if fileOK && extensionOK then
    begin
        uploadedFile.InputStream.Read(docData1, 0, fileLength)
        RijndaelService rs
        array docData
        docData <- rs.Encrypt(docData1)
        length <- docData.Length
        add or upload new document
    end
    else
    begin
        result <- "Cannot accept files of this type."
        return result
    end
    if returnvalue equals 1 then
    begin
        result <- "Success."
    end
    else
    begin
        result <- "Failed to add document due to duplicate name or database error."
    end
    return result
end
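As an added example, not the report's code, the upload gate that UploadFileService and UpdateFileService share, in Go: the report's extension list and content-type list, plus a look at the file's leading bytes, which the report does not do; the signature table and the sample inputs are this example's own.

```go
package main

import (
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// allowedExtensions and allowedTypes are the report's two whitelists.
var allowedExtensions = map[string]bool{
	".pdf": true, ".doc": true, ".txt": true, ".docx": true, ".rtf": true,
	".ppt": true, ".pptx": true, ".jpg": true, ".bmp": true, ".png": true,
	".jpeg": true, ".gif": true, ".tiff": true, ".xls": true, ".xlsx": true,
}

var allowedTypes = map[string]bool{
	"application/msword": true, "application/pdf": true, "text/plain": true,
	"application/rtf": true, "image/jpeg": true, "image/pjpeg": true,
	"image/bmp": true, "image/png": true, "image/tiff": true, "image/gif": true,
	"application/vnd.ms-excel": true, "application/vnd.ms-powerpoint": true,
	"application/vnd.openxmlformats-officedocument.wordprocessingml.document": true,
	"application/vnd.openxmlformats-officedocument.presentationml.presentation": true,
	"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": true,
}

// magic lists the leading bytes a genuine file of each extension starts with.
// OOXML files are ZIP containers, the legacy Office formats share the OLE2
// header, and .txt has no signature, so it is not listed.
var magic = map[string][][]byte{
	".pdf":  {[]byte("%PDF")},
	".png":  {{0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a}},
	".jpg":  {{0xff, 0xd8, 0xff}},
	".jpeg": {{0xff, 0xd8, 0xff}},
	".gif":  {[]byte("GIF87a"), []byte("GIF89a")},
	".bmp":  {[]byte("BM")},
	".tiff": {[]byte("II*\x00"), []byte("MM\x00*")},
	".rtf":  {[]byte("{\\rtf")},
	".docx": {[]byte("PK\x03\x04")},
	".pptx": {[]byte("PK\x03\x04")},
	".xlsx": {[]byte("PK\x03\x04")},
	".doc":  {{0xd0, 0xcf, 0x11, 0xe0}},
	".xls":  {{0xd0, 0xcf, 0x11, 0xe0}},
	".ppt":  {{0xd0, 0xcf, 0x11, 0xe0}},
}

// CheckUpload returns "" when an upload passes every gate, otherwise a message.
// The first two messages are the report's own. The extension and declared
// Content-Type gates are the report's; the magic-byte gate is added because
// the Content-Type header is set by the client and proves nothing by itself.
func CheckUpload(fileName, contentType string, data []byte) string {
	if len(data) < 1 {
		return "No file found."
	}
	ext := strings.ToLower(filepath.Ext(fileName))
	if !allowedExtensions[ext] || !allowedTypes[contentType] {
		return "Cannot accept files of this type."
	}
	for _, sig := range magic[ext] {
		if bytes.HasPrefix(data, sig) {
			return ""
		}
	}
	if len(magic[ext]) == 0 {
		return "" // no signature known for this extension (.txt)
	}
	return "File content does not match its extension."
}

func main() {
	// Constructed samples: a PDF header, and text that only claims to be a PDF.
	fmt.Printf("%q\n", CheckUpload("report.pdf", "application/pdf", []byte("%PDF-1.4\n")))
	fmt.Printf("%q\n", CheckUpload("report.pdf", "application/pdf", []byte("not a pdf")))
}
```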
Name: ViewDocumentService
Input: doc_ID of the document which is to be viewed.
Output: the document requested for viewing

function GetFileService(itemvalue)
begin
    ViewDocumentService vds
    get the document or file that has to be viewed
    return vds
end
Name: RijndaelService
Input: plain text
Output: encrypted data when the Encrypt function is executed, and the plain text of the encrypted data when the Decrypt function is executed.

function array Encrypt(array plainTextBytes)
// encrypts the plain text into cipher text, which is a byte array
begin
    passPhrase <- "Pa$5Xr@s3"               // can be any string
    saltValue <- "s@1t^a1u3"                // can be any string
    hashAlgorithm <- "SHA1"                 // can be "MD5"
    passwordIterations <- 2                 // can be any number
    initVector <- "@1#c3~We5F6g7H8%"        // must be 16 bytes
    keySize <- 256                          // can be 192 or 128
    array initVectorBytes <- Encoding.ASCII.GetBytes(initVector)
    array saltValueBytes <- Encoding.ASCII.GetBytes(saltValue)
    array keyBytes <- password.GetBytes(keySize/8)      // password is derived from passPhrase, saltValueBytes, hashAlgorithm and passwordIterations
    symmetricKey.Mode <- CipherMode.CBC
    encryptor <- symmetricKey.CreateEncryptor(keyBytes, initVectorBytes)
    cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length)    // cryptoStream writes through encryptor into memoryStream
    cryptoStream.FlushFinalBlock()
    array cipherTextBytes <- memoryStream.ToArray()
    return cipherTextBytes
end

function array Decrypt(array cipherTextBytes)
// decrypts the cipher text into plain text
begin
    passPhrase <- "Pa$5Xr@s3"               // can be any string
    saltValue <- "s@1t^a1u3"                // can be any string
    hashAlgorithm <- "SHA1"                 // can be "MD5"
    passwordIterations <- 2                 // can be any number
    initVector <- "@1#c3~We5F6g7H8%"        // must be 16 bytes
    keySize <- 256
    array initVectorBytes <- Encoding.ASCII.GetBytes(initVector)
    array saltValueBytes <- Encoding.ASCII.GetBytes(saltValue)
    array keyBytes <- password.GetBytes(keySize/8)      // password is derived as in Encrypt
    symmetricKey.Mode <- CipherMode.CBC
    decryptor <- symmetricKey.CreateDecryptor(keyBytes, initVectorBytes)
    array plainTextBytes <- [cipherTextBytes.Length]
    cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length)     // cryptoStream reads cipherTextBytes from memoryStream through decryptor
    return plainTextBytes
end
6.3 Configuration
SDX on Web was developed using the following specifications:
Operating System: Windows XP, 7
Languages:
    o Web Pages: HTML
    o Functionality: ASP.NET, C#
Server: Internet Information Services
IDE: Visual Studio 2008
Subversioning System: AnkhSVN
Project Hosted on: www.code.google.com
Database: Microsoft SQL Server 2005 Express Edition
6.4.5 Login
Existing users can log in to the system directly. Here the user has to enter the email id and password, which are authenticated at the time of login. Unregistered users can click the link "New User register here", which directs the user to the register page (6.4.6).
3) Delete
The owner of a document can delete it by selecting it from the drop-down list.
4) Check-in
A document that has been checked out can be checked in. The list of checked-out documents is shown in the drop-down list. Checking in releases the lock on the document and allows other users who have the appropriate rights to check out the document.
5) Check-out
The Document List page lists the documents that can be checked out. The user can select a document by clicking the checkbox and check out that particular document.
6.4.8 Requirements
Needs to be web based and available to users 24/7. It should allow users to log in using their username/password and perform operations (according to their rights) on company documents.
The system should maintain all documents and related metadata. A new user is considered as a temporary user and cannot do anything except sending a request to the system administrator.
The system should provide the following operations to a signed-in user: show document list, upload, read, delete, update, check in/out and share documents.
Every operation performed on any document should be logged. The system should provide end to end confidentiality and authentication.
Documents
The organization has the following departments:
1. Human resources
2. Logistic and supply
3. IT support
4. Sales
5. Research and development
The documents in the system can be of the following formats: Word, Excel, PPT, PDF, TXT, PNG, GIF and JPEG. The system maintains all the documents and related metadata, such as authors, titles, departments, creation time, and modification dates and times.
Users
Users of this system can be categorized according to their roles. In this project, we consider the following types of roles:
Corporate-level management officials, such as CEO, president, vice presidents: Responsible for the operations of multiple departments.
Department manager: Responsible for the operations of a department.
Regular employees: Responsible for generating and maintaining most of the documents in departments.
Temporary user: A user account created for a new user.
Guest user: A guest user who is not an employee of the organization.
System administrators: Maintain all the user accounts.
Chapter 7
RESULT ANALYSIS
7.1 Test Cases
Test Case for Login

1. Test: System User logs into SDX ON WEB.
   Expected: SDX ON WEB prompts the System User to enter the login information, username and password.
   Remarks: Information needed to login: 1. Username, i.e. email 2. Password.
2. Test: The System User enters the information needed to log into SDX ON WEB.
   Expected: SDX ON WEB authenticates the System User, logs into the system and takes the user, according to the privilege, into the appropriate page.
3. Test: The System User enters an invalid System Username or password.
   Expected: SDX ON WEB notifies the System User of the login failure and requests re-entry of both username and password. SDX ON WEB checks for SQL injection and JavaScript injection for security.
4. Test: The System User enters only the password and does not enter the Username.
   Expected: SDX ON WEB notifies the System User of the login failure and requests re-entry of both username and password.
5. Test: The System User enters only the username and does not enter the password.
   Expected: SDX ON WEB notifies the System User of the login failure and requests re-entry of both username and password.
6. Test: The System User tries to enter a very large length of Username and password.
   Expected: SDX ON WEB notifies the System User of the login failure and requests re-entry of both username and password.
Remarks column (cell alignment lost in extraction): Failed. Password matching properly. User logs in or not. Username working.
Test Case

1. Test: System User logs into SDX ON WEB.
   Expected: SDX ON WEB prompts the System User to enter the login information, username and password.
   Remarks: Information needed for the System admin: the landing page should show the requests from new users.
2. Test: The System User enters the information needed to log into SDX ON WEB.
   Expected: SDX ON WEB authenticates the System User, logs into the system and takes the user, according to the privilege, into the appropriate page; in this case it should be the system admin page.
3. Test: The system acknowledges that the System Administrator's username or password is incorrect.
   Expected: SDX ON WEB notifies the System User of the login failure and requests re-entry of both username and password.
4. Test: The system Admin is able to view the correct page.
   Expected: SDX ON WEB will show all the new users (Temporary) requiring access, and according to the information the system admin will click the check box and grant or deny the access. In both cases the system will email the user regarding the action taken.
Test Case for Normal User like CEO, employee, Dept Manager or Guest User

1. Test: System User logs into SDX ON WEB.
   Expected: SDX ON WEB prompts the System User to enter the login information, username and password.
   Remarks: Information needed for the System admin: it will land on a user page where he can view all the documents that he has uploaded. All the activities will be logged and, in case of any discrepancy, the logs can be viewed.
2. Test: The System User enters the information needed to log into SDX ON WEB.
   Expected: SDX ON WEB authenticates the System User, logs into the system and takes the user, according to the privilege, into the appropriate page; in this case it should be the system admin page.
3. Test: The system acknowledges that the username or password is incorrect.
   Expected: SDX ON WEB notifies the System User of the login failure and requests re-entry of both username and password.
4. Test: The User is able to view the correct page.
   Expected: SDX ON WEB will show the list of all documents that have been shared as well as all the documents that he has uploaded. The user can check out the documents.
5. Test: The user's shared-document access rights.
   Expected: Shared documents will have access privileges according to which the user can only have the ability to use the document.
6. Test: The user clicks the upload menu.
   Expected: On the upload menu the user can upload a document only in the specified formats like word, wordx, pdf, text, rich text, images (other formats should not pass). He will mention the document name and select the document path from where he wants to upload.
7. Test: The user clicks the checkout button for the document.
   Expected: Another window will open showing the content of the document.
8. Test: The user clicks share document.
   Expected: A list of all documents that he can share will appear and he will be able to share them by mentioning the Email id of the user.
9. Test: The user enters a wrong email id, not in the system, during sharing.
   Expected: The user will be prompted about the wrong email id.
10. Test: The user clicks the check in menu.
    Expected: The user will be asked to name the document he is checking in and to give the appropriate path of the document.
11. Test: The user checks in wrong documents.
    Expected: SDX ON WEB will prompt the user that the document is not uploaded or checked out: "Please verify the document you are trying to upload."
12. Test: The user clicks delete the document.
    Expected: The user wants to delete a certain document and clicks the documents. He will have a drop down of the documents that he can delete according to the privileges. He will select the document and SDX ON WEB will prompt whether he wants to delete the document; if yes, SDX ON WEB will delete the document.
13. Test: The user clicks logout.
    Expected: The user will be taken to the home page and will have to login again.
    Remarks: Failed. User is still logged in. Possibly the session is not removed.
14. Test: The user tries to click the back button after logging out.
    Expected: SDX ON WEB will remain on the home page if the user is trying to access it without an active session.
7.2 Snapshots
Default.aspx
Login.aspx
Register.aspx
System Administrator.aspx
Document List.aspx
Upload.aspx
Delete.aspx
ViewDocument.aspx
ShareDocument.aspx
UpdateDocument.aspx
CheckIn.aspx
ChangePassword.aspx
ForgotPassword.aspx
Chapter 8
CONCLUSION
SDX On Web is a software system that facilitates access to all the documents within an organization through the Internet. An organization often needs to track the various documents generated by all its users. It is very important to take account of all possible attacks at every stage of software development so that no bug is left in the software or code for exploitation after development. Various attacks like forgery, eavesdropping, SQL injection, user privacy, session hijacking etc. were the possible attacks outlined during the initial stages, and the system developed is now immune to such attacks. Further, we have used an Email-Client Service for validating an email address and sending a new randomly generated password in case a password is lost. An added feature of the system is that we have provided security for all the documents uploaded to the system, by means of the Rijndael encryption algorithm. A possible future enhancement is a versioning system. This would empower the author of a file to exercise more control over the changes made to his shared files, and would make tracking changes to a file easier. Working on this project has been an amazing learning experience and we express our heartfelt gratitude to everyone who has given their valuable inputs.
GLOSSARY
Administrator: Member of IT support designated to administer SDX on Web.
Check-in: A command through which a user removes exclusive access.
Check-out: A command which prevents the document from being updated so that the user has exclusive access.
ISO: International Organization for Standardization, an NGO which sets standards that often become laws.
JavaScript injection: A technique by which one's own JavaScript is inserted into a web site, by entering code into the address bar or by finding an XSS vulnerability.
Metadata: Aggregate of data associated with a file managed by the system that is not part of the file itself.
SDX: Secure Document eXchange.
Services: Refer to Web Services (WS).
SQL Injection: An attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.
System log: Records the action that has just taken place in the system log. It is not modifiable.
Web Service: Shares business logic, data and processes through a programmatic interface across a network. Web services are also called application services.
WS: Refers to Web Service.
XSS Attempt: A cross-site scripting attempt, found in web applications, that enables malicious attackers to inject client-side script into web pages viewed by other users.