How to protect the speed template from counterfeiting?

Question

How to protect the speed template from counterfeiting?

We have a Velocity template for a receipt. The template includes the Taxpayer Identification Number, the value of which will be replaced at the time of receipt. This is to ensure that the TIN of the actual license holder is printed on the receipt.

How can we prevent the end user from hard-coding the TIN in the template itself? Is there a way for Velocity to throw an exception if it cannot find a field in the template during a merge?

0

java velocity

tellme May 21 '09 at 10:58

a source to share

2 answers

Brian Agnew · Answer 1 · 2009-05-21T11:07:23+0000

You may be better off protecting the template itself rather than trying to force Velocity to report incorrect operations. Velocity is pretty tolerant of missing fields, etc., so I suspect it won't do what you want.

Can you protect the template by signing it or similar? Thus, it should be detected immediately if someone intervened with it.

Thilo · Answer 2 · 2009-05-21T11:06:34+0000

Is the user allowed to customize other parts of the template?

If not, you can enable md5 checksum for the template in your program and check if the file has been modified.

Not sure if it's worth the effort. There are many other ways for an attacker to forge a receipt, and you cannot stop them all.

How to protect the speed template from counterfeiting?

More articles: