Acta Informatica Pragensia 2014, 3(1), 8-22 | DOI: 10.18267/j.aip.322566
On the Legibility of Data Message PDF Attachments on the OS X Platform
- Department of Computer Systems, Faculty of Information Technology, Czech Technical University in Prague, Thákurova 9, 166 21 Praha 3
The Data Message Information System is a significant information system of the state infrastructure. The design of an information system of such importance deserves great care, not least because a design flaw that surfaced later could have severe consequences for all of its users. The flaw discussed in this paper concerns the way some data messages containing PDF attachments are sent. Recipients using the default Safari web browser on OS X may not be able to open some of these attachments correctly. The paper analyses the situation and answers the question of when a PDF attachment will be opened correctly and when it will not.
Keywords: Data Message, Data Mailbox, DMIS (ISDS), PDF, OS X, Safari
Received: March 30, 2014; Revised: June 9, 2014; Accepted: June 14, 2014; Published: June 20, 2014
This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.