Security is a great concern when you're sitting at work and entering sensitive data into tools you know little about. Even worse, when faced with a Base64 encoded string many {insert your job title here} will simply google for "base64" and enter the data in the first Base64 decoding webpage they find. They might not even take a minute to reflect over the fact that they're posting sensitive data to an unkown site on the internet. Now you can have the tool you need available right there in the start menu.

Apart from being a useful tool, TransformTool has been built with security in mind. That means you should be able to trust it with your data, without being concerned that your data might be uploaded to a site on the internet, or that any history would be stored on your computer.

Leaning on ClickOnce security

TransformTool is deployed as a ClickOnce application, and runs under the ClickOnce security model. TransformTool requires a minimal amount of permissions to run, and is based on the permissions granted to applications run in the Internet zone, see the TrustInfo documentation for more details on the zones and their settings. At the time of writing, TransformTool drops e.g. the printing privileges, but requires one permission not included in the Internet zone: the ability to open a SaveFileDialog to let the user save an output to file.

In the current version, TransformTool does not have the permission to access the network, and only has limited access to the file system. You will be prompted to update the tool when a new version is made available. Note however, this is handled entirely by the .Net framework and the ClickOnce technology, and happens out of TransformTool's control.

TransformTool installs for unprivileged users

You do not need to be admin to install, run or update TransformTool. As long as the .Net framework is installed on the machine, TransformTool will install without trouble for the current user. (If you're missing the .Net framework, you need administrator privileges to install it).

TransformTool is digitally signed

The ClickOnce manifests are digitally signed, so you can be sure who's the source of TransformTool when you install the application. The signing certificate is issued to: André N. Klingsheim (I'm the developer on the project).

Local installation

TransformTool is installed locally, and the ClickOnce technology ensures that the applications is isolated from it's surroundings. The local installation means that you can start the application without the need for an internet connection. The ClickOnce technology will try contact codeplex to check for a new version every time you start it (this is out of TransformTool's control).

Prerequisites can easily be kept up to date

TransformTool requires .Net framework 3.5 to run, which can me administered similarly to other of-the-shelf Microsoft technologies. In enterprises, updates can be handled through existing patch processes, and home users will keep the framework up to date on security patches through Microsoft Update. TransformTool updates itself. That means that the entire software stack is easily kept up to date.

Summary

TransformTool is built to install without administrator privileges, and will not require any special permissions out-of-the box (no network, file access, UI access, clipboard etc). In addition, system administrators should be able to easily support the application as its prerequisites can be handled by existing deployment/patch technologies. The user will be prompted to update TransformTool as soon as a new version becomes available.

Last edited Dec 8, 2011 at 9:42 AM by klings, version 10

Comments

No comments yet.