#1
Posted to microsoft.public.excel.programming
URGENT help or features needed for sox compliance
We are looking for a way of securing a file against modification during transfer. A user logs in to our application to generate a payroll data export file (.csv format). The file is generated and encrypted in our system and sent via email to the requester. The requester then decrypts the file, then logs into another application and uploads the file. The problem is that between decrypting and uploading the file the data can be manipulated. Sarbanes-Oxley auditors are failing us on this deficiency.

We would like our system to automatically add the following options to the file prior to email transfer.

1. Render the csv or text file read only (currently available in both Word and Excel)
2. Option to disable the application window scroll bar (so the file cannot be read onscreen beyond the first page)
3. Encrypt the csv file with PGP encryption key of the requester (already in place)
4. Create and save a hash value of the file in both the message field of the transfer email message and in a table within our database. The other application will be tasked with retrieving the

Each quarter the other application will be required to provide the hash values of all files uploaded from our application. The hash values should match if not there was

I am asking for help and guidance in knowing how to accomplish step 2. As well as feedback

3. Upon decrypting Limit online MS office application options to upload file, or close window in order to force the receiver. No save, modify, or delete option.
3.

--
Pamela J Bradford
FEPS Business Analyst
ACS Inc.

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane.
http://www.microsoft.com/office/comm...el.programming
#2
Posted to microsoft.public.excel.programming
URGENT help or features needed for sox compliance
CSV and TXT files are plain old text. They can be opened in any text editor--Notepad to the millions of free text editors available on the web (as well as MSWord and Excel).

I don't think you'll find a solution to #1 or #2.

I don't know anything about PGP.

And I would think that the second #3 would depend on macros. Macros don't have to be enabled (and wouldn't travel with .csv or .txt files, anyway) by the user. So you wouldn't have assurances that the end user used the limiting macros.

Maybe using Excel and text files isn't the way to go. Maybe using some other (home grown) program that encrypts the data and only allows what you want allowed would be better.

--
Dave Peterson
#3
Posted to microsoft.public.excel.programming
URGENT help or features needed for sox compliance
Excel is not a secure application. If your auditors say you need to prevent your data from being manipulated, then I'd agree with Dave Peterson that neither .txt files nor .xls files are the way to do it.
#4
Posted to microsoft.public.excel.programming
URGENT help or features needed for sox compliance
Your primary problem is to ensure that the recipient does not change the file prior to uploading it. The PGP encryption is sufficient to ensure that the file is not intercepted and changed when it is sent to the user.

Prior to emailing the file, the sending application should calculate and store securely a unique hash of the file contents. There is no requirement to include this value in the file, either internally or as part of the email message.

The upload application should use the same algorithm as the sending application to re-calculate the hash of the file. This hash can be verified against the stored value prior to any upload.

I am using the term hash, however any kind of algorithm can be used as long as it is duplicated at both ends. Your concern should be that the calculation remain secure from the users.

Lastly, your upload application can be set to prevent scrolling etc. However, as pointed out in other posts this would not prevent the recipient from viewing the contents of the unencrypted file.

--
Les Torchia-Wells
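The store-then-verify flow described in the reply above, as an added Python example that is not part of the original thread or any poster's code. It assumes HMAC-SHA256 with a key held only by the two applications as the shared calculation, and uses a hypothetical `export_hash` table, export IDs and constructed sample CSV bytes.

```python
import hashlib
import hmac
import sqlite3

# Assumption: a secret known to the exporting and uploading applications only,
# never to end users. Constructed demo value; load the real one from a secrets store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def file_tag(data: bytes, key: bytes = SERVER_KEY) -> str:
    """Keyed SHA-256 (HMAC) over the exact bytes of the export file."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def open_registry() -> sqlite3.Connection:
    """Hypothetical table that only the exporting application can write to."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE export_hash (export_id TEXT PRIMARY KEY, tag TEXT NOT NULL)")
    return db


def register_export(db: sqlite3.Connection, export_id: str, data: bytes) -> None:
    """Exporter side: record the tag before the file is encrypted and mailed."""
    db.execute("INSERT INTO export_hash VALUES (?, ?)", (export_id, file_tag(data)))


def verify_upload(db: sqlite3.Connection, export_id: str, uploaded: bytes) -> bool:
    """Upload side: recompute the tag; unknown IDs and mismatches are rejected."""
    row = db.execute("SELECT tag FROM export_hash WHERE export_id = ?", (export_id,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], file_tag(uploaded))


def demo() -> dict:
    db = open_registry()
    # Constructed sample payroll export.
    original = b"emp_id,name,gross\r\n1001,A. Sample,4200.00\r\n1002,B. Sample,3900.00\r\n"
    register_export(db, "EXP-0001", original)
    return {
        "unchanged": verify_upload(db, "EXP-0001", original),
        "edited": verify_upload(db, "EXP-0001", original.replace(b"4200.00", b"9200.00")),
        "resaved_lf": verify_upload(db, "EXP-0001", original.replace(b"\r\n", b"\n")),
        "unknown_id": verify_upload(db, "EXP-9999", original),
    }


if __name__ == "__main__":
    print(demo())
```

The comparison is byte-exact, so a file that was opened and re-saved with different line endings fails verification even when no values were edited; the upload application should report that case to the user rather than accept the file.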