Re: source code easily viewed?
- From: "Ralph" <nt_consulting64@xxxxxxxxx>
- Date: Thu, 25 Aug 2005 14:25:58 -0500
"brady" <brady@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:64B1D0FC-A27F-4751-AEFD-1E34058060C0@xxxxxxxxxxxxxxxx
> i don't think this is technically a 'bug' per say, but it is to me....
>
> if i create a simple password program in VB, such as 'Enter Password to
> Continue', i can simply open my executable file in notepad and find the
> password without spending even a minute looking. VB is worst about text
> files in resources. you can clearly view the text in plain text!
>
> this is a total security breach, isn't it?
>
> is there anyway to encode my executable files?
>
> Thanks,
Yes, this is a "total security breach".
It is not just a VB nor a Windows problem either, any COFF or PCode file
image is going to display static character arrays (hardcoded strings) in the
clear in the Data segment (archaic term, but still useful description) -
that goes for Java, Unix, VB compiled to PCode, IL, &etc.
VB is no worse than any of them.
Even if you encrypt the string, but expose the decryption procedure in your
code, you only slow down the many - your password can still be found and
decrypted by the few. In short there is no way an application on its own can
protect itself if anyone is allowed access to it. Any platform, any
language, any media. Period.
Encrypting a program file is an interesting alternative, but then you have
to have a routine to decrypt and launch. Then you have to protect that.
Leads to a string of nested boxes if you aren't careful.
You need to invoke outside resources. The simplest is to keep your exe in
folder that provides execute permission but not read or write. Use other
authentication schemes - a database, windows login, etc.
hth
-ralph
.
- Prev by Date: Re: Subtraction Bug in VB
- Next by Date: Application crash
- Previous by thread: Bug in SHBrowseForFolder API in Visual Basic - Urgent
- Next by thread: Application crash
- Index(es):
Relevant Pages
|
