I'm just starting to work with SEB 2.0RC. It looks like if I create a SEB settings file for "Starting an exam" and do not enter a "Settings Password", the file appears as plain text.
However, if I create a SEB settings file for "Configuring a client" and do not include a "Settings Password", the file does NOT appear as plain text.
Are the SEB files for "Configuring a client" encrypted regardless of whether or not a "Settings" or "admin" password are provided?
Thanks
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes, SEB setting files for "configuring a client" are always encrypted. If no settings password is entered, then a standard password is used, which isn't really safe, but at least the file is not just readable immediately as plain text. But that's why you shouldn't use the default client settings defined with .seb files for "configuring a client" for starting exams. You should use those only for "unsafe" default settings where SEB is advised to display an exam portal page on which you place the .seb files "for starting an exam" and encrypt each with another "exam password". Or mainly on managed exam clients you could use a certificate/key.
Those unencrypted plain text settings files are only meant for debugging purposes. Key meanings/file format information you can find in our SVN source code repository under SebResources.
Last edit: Daniel Schneider 2014-03-17
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm just starting to work with SEB 2.0RC. It looks like if I create a SEB settings file for "Starting an exam" and do not enter a "Settings Password", the file appears as plain text.
However, if I create a SEB settings file for "Configuring a client" and do not include a "Settings Password", the file does NOT appear as plain text.
Are the SEB files for "Configuring a client" encrypted regardless of whether or not a "Settings" or "admin" password are provided?
Thanks
Yes, SEB setting files for "configuring a client" are always encrypted. If no settings password is entered, then a standard password is used, which isn't really safe, but at least the file is not just readable immediately as plain text. But that's why you shouldn't use the default client settings defined with .seb files for "configuring a client" for starting exams. You should use those only for "unsafe" default settings where SEB is advised to display an exam portal page on which you place the .seb files "for starting an exam" and encrypt each with another "exam password". Or mainly on managed exam clients you could use a certificate/key.
The final documentation still isn't finished, but the most important information about configuring SEB you can find here: http://www.safeexambrowser.org/presentations/HowTo_SEB2.0.pdf
Those unencrypted plain text settings files are only meant for debugging purposes. Key meanings/file format information you can find in our SVN source code repository under SebResources.
Last edit: Daniel Schneider 2014-03-17
Thanks very much for the quick response and directing me to the PDF. It is helping to fill in some of the blanks.