Re: Encryption question
- From: "Stanislaw Tristan" <admin@xxxxxxxxxx>
- Date: Tue, 20 Jun 2006 13:34:37 +0300
Thanks, I'm also think so.
"Steve B." <steve_beauge@xxxxxxxxxxxxxxxxxxxxxxxx> ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ ×
ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ: news:e2PzV6ElGHA.1276@xxxxxxxxxxxxxxxxxxxxxxx
I suppose that a good programmer can "debug" your process and grab the
password.
However, I don't think there is a workaround to solve this problem...
"Stanislaw Tristan" <admin@xxxxxxxxxx> a écrit dans le message de news:
OJMbPvElGHA.1272@xxxxxxxxxxxxxxxxxxxxxxx
Ok, if I obfuscate my app and provide manual password entering - after
the user enters password and click Connect button - catching is possible?
"Steve B." <steve_beauge@xxxxxxxxxxxxxxxxxxxxxxxx> ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ ×
ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ: news:%23IzUAbElGHA.1936@xxxxxxxxxxxxxxxxxxxxxxx
If you decompile the application (using reflector, for example), you
will see the encryption key in clear if the key is hard coded.
You may consider crypting this key with a user password asked each time
the application run.
Unfortunately, debugging the app will also help a malicious user to read
the memory and the key...
Steve
"Stanislaw Tristan" <admin@xxxxxxxxxx> a écrit dans le message de news:
uwpDIL$kGHA.1936@xxxxxxxxxxxxxxxxxxxxxxx
Is a password for the encrypted database that I'm specified in the
connection string can be catched 3rd party software such as sniffers,
memory dumpers etc. while connection opening?
.
- References:
- Encryption question
- From: Stanislaw Tristan
- Re: Encryption question
- From: Steve B.
- Re: Encryption question
- From: Stanislaw Tristan
- Re: Encryption question
- From: Steve B.
- Encryption question
- Prev by Date: Re: question about Sql Everywhere
- Next by Date: Re: question about Sql Everywhere
- Previous by thread: Re: Encryption question
- Next by thread: ATL OLEDB Consumer Templates, SQL CE
- Index(es):
