Hi,
I know that every time a proc note is updated, a new record is created so that the previous note can not be changed as seen in the audit trail when the audit box is checked in the Show tab. However I could always update the DB directly, and change the note in the audit trail.
This is where I hope that by signing the note with my Topaz the note cannot be tampered even when modification is done to the DB directly. To my surprise, I was able to update the text of the signed note by updating the record in the ProcNote table using sql and OpenDental did not invalidate my signature. This defeats purpose of signing a document since the content of the document can be changed after the signing.
What I want is when I signed something it cannot be modified afterward. If it was modified, then the signature should be invalidated or the modified text should be invalidated.
A simple solution is to take the MD5 of the note when it is signed. If the note gets modified after it has been signed, the MD5 of the modified note will no longer match the previous MD5 and the signature should be invalidated.
Signed ProcNote can be tampered
-
jordansparks
- Site Admin
- Posts: 5770
- Joined: Sun Jun 17, 2007 3:59 pm
- Location: Salem, Oregon
- Contact:
Re: Signed ProcNote can be tampered
The signature is indeed locked to the text in the db. And the only way to decrypt the signature to show it is to have the hash of the unaltered text. So tell me, how did you determine that the signature was not invalidated? Did you open the procedure and look for the original signature?
Jordan Sparks, DMD
http://www.opendental.com
http://www.opendental.com
Re: Signed ProcNote can be tampered
Yes that was what I did. I signed the note with the Topaz in OpenDental TreatPlan Procedure Info window. Modified the note directly in the DB using sql. Opened the note again in Procedure Info window and the signature was still shown with the altered text.
OpenDental: 7.0.35
Topaz Model: T-LBK462-HSB-R
OpenDental: 7.0.35
Topaz Model: T-LBK462-HSB-R
-
jordansparks
- Site Admin
- Posts: 5770
- Joined: Sun Jun 17, 2007 3:59 pm
- Location: Salem, Oregon
- Contact:
Re: Signed ProcNote can be tampered
The note is invalidated perfectly when I sign directly on the screen. I just checked. I'll have to go hunt down a Topaz pad to check that.
Jordan Sparks, DMD
http://www.opendental.com
http://www.opendental.com
-
jordansparks
- Site Admin
- Posts: 5770
- Joined: Sun Jun 17, 2007 3:59 pm
- Location: Salem, Oregon
- Contact:
Re: Signed ProcNote can be tampered
You are correct. I have put it down as a bug.
Jordan Sparks, DMD
http://www.opendental.com
http://www.opendental.com
-
jordansparks
- Site Admin
- Posts: 5770
- Joined: Sun Jun 17, 2007 3:59 pm
- Location: Salem, Oregon
- Contact:
Re: Signed ProcNote can be tampered
Fixed, but not quite released yet. There is no way to fix old signatures. The fix only works for signatures from here going forward.
Jordan Sparks, DMD
http://www.opendental.com
http://www.opendental.com