How to identify if uploaded excel file is same as that is downloaded?

Question

I am developing excel download & upload functionality using Java.

I have a link on my screen through which, user will download an excel.

I provide functionality to upload the excel. But, while uploading, I want restrict user to upload only that excel file which is downloaded to maintain security.

How will I be able to do that ?

I am using JXL API for Java.

EDIT: User will download the file, which will have all protected cells.

User will change the details in it and then re-upload it.

User may copy the content of the excel and save in another excel file and then add some junk data in it which may come across some security concerns.

To avoid it while uploading the file, I want to identify if the file is same as that is downloaded.

Answer 1

It is not possible to do what you want. The user will have access to everything you give them. If they are attacking you, they can use that to spoof that the file is the same. You need to do data validation on what comes in from the user, just like any other time you ask the user for data.

Probably the closest you can get is to check that every locked cell is still locked with the same password. There's still no guarantee that they haven't hacked your password, though, and once you're looking at every cell anyway, you may as well validate the value instead of the lock.

Answer 2

An idea would be to add an unique ID somewhere inside the file and lock those cells from editing.

You could check this tutorial on how to Lock or unlock specific areas of a protected worksheet

Also, you can compare the files' creation date timestamps and check if they're the same.

Answer 3

1. Protect sheet( or required cells) with a password.
2. On upload verify the password.
3. Store the password in property files or in some secured location.

I have resolved my issue using Apache POI lib and "validateSheetPassword(pwd)" method.