You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I want to create an app that would work like this:
-user on my website chooses which exam on which platform (since there has to be a different version of SEB generated for each system) they would like to take
-backend creates a .seb file for that exam with a custom start URL
-user downloads this file
-user uses the .seb file and takes the exam inside
Does this flow seem to be possible? I am worried about a few things:
-Will it still be possible to check the version of SEB used? It is said that it's hard to generate BEK outside SEB. Does that basically mean this flow wouldn't be achievable since we wouldn't be able to generate the full config, including the BEK, on our backend? Or maybe it would somehow be achievable to generate it on the backend?
-Since each time the key is generated it has a different form — even with the same settings, system, and program version — how does it ensure that the correct version is being used? Let's say I'm generating a config, saving it, and passing it to the person who is supposed to take the exam, and they have an old version of SEB. Is it simply impossible to run SEB with this config file?
Also, what is stopping them from taking the file, decrypting it with a code, checking the key hash, and simply sending it as a header without using SEB?
-From what I see, after giving the password to the user (which they need in order to use this config), they are able to decrypt that file. Isn't that a safety issue? Would it be possible to allow the user to use that config without the option to decrypt it? Is there even a point in encrypting files if we must give the option to decrypt them? Or should the flow look a bit different?
I know that it's suggested to keep the flow in a way where, for example, you generate a key with a general config, the user logs in, chooses the exam, and this way you don’t have to generate it. But from what I'm told, our flow must look in a way that an already logged-in user just downloads the correct file and uses it to start the exam (for their account and the correct exam). Therefore, the entire file would have to be generated with a custom exam start point.
Thanks for taking the time to help me! I know this is probably somewhere in the docs, but I went through them and still have these questions. Also, if you think answering some of these questions would take less time than others, could you answer the easier ones first in a separate comment?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I want to create an app that would work like this:
-user on my website chooses which exam on which platform (since there has to be a different version of SEB generated for each system) they would like to take
-backend creates a .seb file for that exam with a custom start URL
-user downloads this file
-user uses the .seb file and takes the exam inside
Does this flow seem to be possible? I am worried about a few things:
-Will it still be possible to check the version of SEB used? It is said that it's hard to generate BEK outside SEB. Does that basically mean this flow wouldn't be achievable since we wouldn't be able to generate the full config, including the BEK, on our backend? Or maybe it would somehow be achievable to generate it on the backend?
-Since each time the key is generated it has a different form — even with the same settings, system, and program version — how does it ensure that the correct version is being used? Let's say I'm generating a config, saving it, and passing it to the person who is supposed to take the exam, and they have an old version of SEB. Is it simply impossible to run SEB with this config file?
Also, what is stopping them from taking the file, decrypting it with a code, checking the key hash, and simply sending it as a header without using SEB?
-From what I see, after giving the password to the user (which they need in order to use this config), they are able to decrypt that file. Isn't that a safety issue? Would it be possible to allow the user to use that config without the option to decrypt it? Is there even a point in encrypting files if we must give the option to decrypt them? Or should the flow look a bit different?
I know that it's suggested to keep the flow in a way where, for example, you generate a key with a general config, the user logs in, chooses the exam, and this way you don’t have to generate it. But from what I'm told, our flow must look in a way that an already logged-in user just downloads the correct file and uses it to start the exam (for their account and the correct exam). Therefore, the entire file would have to be generated with a custom exam start point.
Thanks for taking the time to help me! I know this is probably somewhere in the docs, but I went through them and still have these questions. Also, if you think answering some of these questions would take less time than others, could you answer the easier ones first in a separate comment?
Beta Was this translation helpful? Give feedback.
All reactions