Question

GUID or Cookie encryption for Downloaded file .

0

Hi I have a Scenario that a user can download a file from the mendix application. After downloading the file -> in network section(browser inspect section) --> click on the file --> it will show all the Header request / response values . In general section it will show the Request URl with GUID number of the file. I wanted to hide this GUID number or encrypt current file session. [Eg : can be accessible in this scenario : If an hacker hacked your browser now he can access your cookie and Header request details from your browser of all websites you visit. when you login the mendix application and download a file with download option at the same time he can generate this file by making request with same duplicate environment ] What can be the solution for this ? Thanks in advance.

asked 2024-05-08

kashinath vernekar

3 answers

Satyam Desai · Answer 1 · 2024-07-02

Hi kashinath vernekar

I am having similar scenario, may I know how have you achieved this?

Thanks in advance.

Emilio Fernández López · Answer 2 · 2024-07-02

Hey Kashinath!

Did you try the encryption module to encrypt the files? https://docs.mendix.com/appstore/modules/encryption/

Here you have a similiar question: https://community.mendix.com/link/space/studio-pro/questions/110250.

There you will find some possible workarounds and how to configure the encryption module for files.

Hope this helps!

kashinath vernekar · Answer 3 · 2024-07-02

Hi satyam,

As per my knowledge you cannot hide the request Header information in the browser for your downloaded file but you can make it as to not to match the current session file UUID and XASSESSION Id of another login at same time which can allows app server to download the file.

By making user roles and giving permission in your domain model you can prevent it.

And encryption of cookies in browser level is still may not possible and encrypting the file is also will not help to download the file by making duplicate environmental request.

Better you always do updates of your browser. However hacking depends on the talent of the individual and available loopholes of the system.