Security concerns for Real-time Sync

With Real-time Sync, it is very easy to establish a collaboration session and invite other users to join in. This page describes the security concerns of sharing a spreadsheet on the web.

Once you have converted an Excel spreadsheet into a web page with SpreadsheetConverter, you can share it on the web with a feature called Real-time Sync. You may want to read the introduction to Real-time Sync before you continue.

Security concerns

Real-time Sync was designed to provide powerful collaboration features without requirements on your existing IT infrastructure, and without requiring technical specialists. It is intended mainly for sharing of information that is of little interest to anybody else, e.g. making schedules, small budgets or for technical analysis.

To achieve this, Real-time Sync provides only rudimentary access control. If you know the link to the web page and a secret key, you’re in.  For many collaboration situations, this is just the level of security you need. It’s so unlikely that someone outside the work group would 1) be interested in the results of the collaboration; 2) know the link and 3) know the secret key that this level of access control is sufficient.

Publishing business-critical information on the world-wide web is probably generally a bad idea. If you want to use Real-time Sync to collaborate on a powerful spreadsheet that documents confidential parts of your business model, pricing structure or product plans, you should seriously consider the security implications first.

Use an intranet behind a firewall

The access control in Real-time Sync only protects the collaboration session and its saved values. The calculator itself is not protected and can always be accessed by anyone with the correct link. If you access a calculator directly without Real-time Sync, you get a single-user copy with the initial values that were in the cells when the spreadsheet was converted. If you need to control all access to the converted web page you must use the security features of the network, e.g. by using an intranet.

The servers on your intranet are located behind a firewall that makes their data less insecure. You should publish all sensitive calculators or forms only on your intranet servers, since this makes it almost impossible for someone on the outside to access them.

Consider using a protected folder

It is usually very difficult to keep a web page completely secret. Many publishing systems indirectly link to all pages they publish, making it easy for an indexing spider to add the page to its index and possibly even making the calculator searchable. Most spreadsheets contain a lot of text that an indexing spider will save in its index, making it easy for anyone behind the firewall to find your spreadsheet if they use the right search terms.

To avoid prying eyes it may be useful to save the calculator in a reserved folder that is only available to approved users. Once again this is standard network access control and has nothing to do with Real-time Sync.

Make the secret key secure

The secret key used by Real-time Sync provides an extra level of security for the collaboration session and its saved data. Even if you have access to the calculator itself, you cannot participate in the collaboration session unless you know the secret key. If the Real-time Sync session itself is sensitive, you should use a secret key that is long, with a combination of letters, digits and special characters that is impossible to guess.

Since the secret key is used in the “k” parameter of the link to the calculator, it must conform to the rules for what characters links may contain. If you want to use special characters in your secret key, you can safely use only the following, since they have no reserved meaning in a link:

$ dollar sign
- minus sign or hyphen
_ underscore
. period
+ plus sign
! exclamation point
* asterisk
' apostrophe
( left or opening parentheses
) right or closing parentheses
, comma

Send the secret key separately, not in the link

If you include the secret key in the link you send to your collaborators, you make it much more convenient for them to directly access the shared session, but if any possible intruders find the full link, they also have full access the shared session:

http://www.example.com/budget/budget.htm?k=northwest

Instead of sharing the full link with your collaborators, you should only send them the safe, plain link:

http://www.example.com/budget/budget.htm

and then separately provide them with the secret key northwest that they need to join the sharing session by pressing the Real-time Sync button in the toolbar and manually entering the secret key.

Using the secret key as a session name

If you want to use the same calculator as a template for more than one Real-time Sync session, e.g. for different time periods, geographical regions or market languages, you must use a different secret key for each session. To make it easier for users to handle the increasing number of keys, consider including things like months or region names in the secret key.

Example: You have decided to use the secret key “Internat10nalHarve$ter”, since it is pretty easy to remember but very difficult to guess. To use this secret key for the January figures for the French-speaking markets of Europe, you may use the combined secret key “Internat10nalHarve$ter-EU-FR-Jan”. Since all combinations of market, language and month create their own collaboration session, it is easy to keep each session separate.