If you are using a version 4 UUID, there is a chance an end user could find the local file where it is stored and tamper with it, for example by copying it to another machine.
One possible solution is to save the last modified time after the file is created and then compare it to the current last modified time of the file to see if it is the same.
If the file has been edited or moved, the user’s OS will update the last modified file time. If your app checks it against the known last modified time, you can be reasonably sure the file has not been tampered with by an average user.
If you are using V4 UUIDs, we recommend checking the last modified time right after the UUID file is created and saving this value into a separate, hidden file. We also recommend hashing this value with SHA-1 for even more security.
A Note On Effectiveness
Just like anything related to digital security, nothing is 100% foolproof. Someone determined enough could still find a way to edit the modified time back to its pre-edited time after moving the file, although it is not something your average user will likely know how to do. See our documentation on digital security.
Although most popular programming languages return the last modified time of a file as the difference between the last modified time and the Epoch (so it is not easily recognizable by the average end user, nor is it in a standard date/time format), it could be reverse engineered into the actual last modified time.
To add another layer of security, we recommend hashing the output with SHA-1 to further prevent an end user from easily deciphering the time from the data.
Due to the inherent nature of computer systems and operating systems, achieving 100% security is not feasible. Additionally, hashing does not make reverse engineering by a malicious user completely impossible. However, by implementing these measures, you significantly increase the difficulty and inconvenience for anyone attempting to gain unauthorized access to your application.
Getting Last Modified Time
Here’s an example in Python of how to get the last modified date, hash it with SHA-1, and save it as a variable. The same can be done in all popular languages.
import os
import hashlib

# File path of the UUID file
file_path = "path/to/your/uuid_secret_file.txt"

# Get the last modified time, in the form of a string
last_modified_time = str(os.path.getmtime(file_path)).encode('utf-8')

# Hash the result with SHA-1
uuid_last_mod = hashlib.sha1(last_modified_time).hexdigest()
Comparing Last Modified Times
To compare the JSON response value to the current actual value, you could do something like this (example is in Python, but any language can do it).
import os
import hashlib


def hash_date(date_str):
    # Hash the date string using SHA-1
    return hashlib.sha1(date_str.encode('utf-8')).hexdigest()


# Path to the file you want to check
file_path = "path/to/your/uuid_secret_file.txt"

# Path to the file containing the previously saved SHA-1 hash of the last modified date
hash_file_path = "path/to/your/saved_hash_file.txt"

# Get the last modified time, in the form of a string
# (hash_date() does the encoding, so it stays a str here)
last_modified_time = str(os.path.getmtime(file_path))

# Hash the last modified date
last_modified_date_hash = hash_date(last_modified_time)

# Read the previously saved hash from the file
with open(hash_file_path, 'r') as file:
    saved_hash = file.read().strip()

# Compare the hashes
if last_modified_date_hash == saved_hash:
    print("Success! The file has not been modified since the last saved date.")
else:
    print("Warning! The file has been modified since the last saved date.")
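The effectiveness note above points out that the modified time can be set back after an edit. The following is an added example, not part of the original documentation: it goes beyond the approach shown above by binding the file's content as well as its modified time into a keyed HMAC-SHA-256 (instead of an unkeyed SHA-1), so restoring the timestamp alone does not pass the check. `APP_KEY`, the helper names and the temporary files are assumptions made for the demo.

```python
import hashlib
import hmac
import os
import tempfile
import uuid
from pathlib import Path

# Assumption: the app holds a secret key (hard-coded here only for the demo).
APP_KEY = b"constructed-demo-key"


def fingerprint(path, key=APP_KEY):
    """Keyed digest over the file's mtime (nanoseconds) and its content."""
    mtime_ns = os.stat(path).st_mtime_ns
    content_digest = hashlib.sha256(Path(path).read_bytes()).digest()
    msg = str(mtime_ns).encode("utf-8") + b"|" + content_digest
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def save_fingerprint(path, record_path):
    """Store the fingerprint right after the UUID file is created."""
    Path(record_path).write_text(fingerprint(path))


def is_untampered(path, record_path):
    """True only if the saved fingerprint matches the file as it is now."""
    try:
        saved = Path(record_path).read_text().strip()
        current = fingerprint(path)
    except OSError:
        return False  # a missing UUID file or record counts as tampering
    return hmac.compare_digest(saved, current)


def demo():
    """Constructed scenario: returns (fresh, after_edit, after_mtime_reset)."""
    with tempfile.TemporaryDirectory() as d:
        uuid_file = os.path.join(d, "uuid_secret_file.txt")
        record = os.path.join(d, "saved_hash_file.txt")
        Path(uuid_file).write_text(str(uuid.uuid4()))
        save_fingerprint(uuid_file, record)
        fresh = is_untampered(uuid_file, record)
        st = os.stat(uuid_file)  # remember the original timestamps
        Path(uuid_file).write_text(str(uuid.uuid4()))  # content replaced
        after_edit = is_untampered(uuid_file, record)
        # Timestamps put back to their original values, content still changed
        os.utime(uuid_file, ns=(st.st_atime_ns, st.st_mtime_ns))
        after_reset = is_untampered(uuid_file, record)
        return fresh, after_edit, after_reset
```

This check covers edits to the file; a byte-for-byte copy that keeps its timestamp produces the same fingerprint, so it does not by itself tie the file to one machine.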