Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » DBISAM Technical Support » Support Forums » DBISAM General Discussion » View Thread |
Messages 1 to 10 of 12 total |
OT- how2 tie a DAT file to a single computer |
Tue, Sep 12 2006 9:11 PM | Permanent Link |
Jerry Blumenthal | One of my customers wants me to make sure that noone can take his data
and open it up on another computer. The files are encrypted, but could be opened if someone brought them to another computer AND had a valid password. So he wants me to provide some additional security. I want to tie the password file to his computer. I do have a backdoor to that file, but it is safe because that password changes every day, so if his computer crashed and he had to use backups to install on another computer, I could always do that. So how do I tie a single data file to a specific hard drive or computer? There must be some kind of code snippet somewhere...... Jerry |
Tue, Sep 12 2006 11:09 PM | Permanent Link |
"Jerry Hayes" | Could you just hash his password with the mac address of the network card?
He'd have to remember it (have it recorded) in case his computer toasted, but that's pretty specific. You could even wire it up so you don't ever have to know it -- let him know it keeps it safe from you, too. So, the other person would have to know the password and his mac address; or SID or both or whatever. Just as an FYI, I have a fingerprint reader built-in on my laptop (they have externals too). Pretty nice, very reliable and it lets me have a 30 character password, because I never have to use it. I have a "My Safe" on my desktop that I can't get into unless I imprint and then I can open it up. "Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message news:4557A69D-94E6-49E4-BB84-FF66E98D94BF@news.elevatesoft.com... > One of my customers wants me to make sure that noone can take his data and > open it up on another computer. > > The files are encrypted, but could be opened if someone brought them to > another computer AND had a valid password. > > So he wants me to provide some additional security. I want to tie the > password file to his computer. I do have a backdoor to that file, but it > is safe because that password changes every day, so if his computer > crashed and he had to use backups to install on another computer, I could > always do that. > > So how do I tie a single data file to a specific hard drive or computer? > There must be some kind of code snippet somewhere...... |
Wed, Sep 13 2006 7:12 AM | Permanent Link |
Jerry Blumenthal | What I need is the code snippet that lets me get that MAC address or
lets me ID the hard drive. Once I have a function like Get_CPU_ID or something like that, I can encrypt it and create an extra field in the table's record, store the encrypted ID in that field, and then refuse to use the other data in the record if that ID doesnt match. So if you have a function to get the mac address, please let me know what it is. Re the fingerprint: his concern is that some employee who is authorized and has a password and a valid fingerprint access will then make a copy somehow of the data files, either by burning a CD, or by emailing them, etc... Jerry Jerry Hayes wrote: > Could you just hash his password with the mac address of the network card? > He'd have to remember it (have it recorded) in case his computer toasted, > but that's pretty specific. > > You could even wire it up so you don't ever have to know it -- let him know > it keeps it safe from you, too. So, the other person would have to know the > password and his mac address; or SID or both or whatever. > > Just as an FYI, I have a fingerprint reader built-in on my laptop (they have > externals too). > > Pretty nice, very reliable and it lets me have a 30 character password, > because I never have to use it. I have a "My Safe" on my desktop that I > can't get into unless I imprint and then I can open it up. > > "Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message > news:4557A69D-94E6-49E4-BB84-FF66E98D94BF@news.elevatesoft.com... >> One of my customers wants me to make sure that noone can take his data and >> open it up on another computer. >> >> The files are encrypted, but could be opened if someone brought them to >> another computer AND had a valid password. >> >> So he wants me to provide some additional security. I want to tie the >> password file to his computer. I do have a backdoor to that file, but it >> is safe because that password changes every day, so if his computer >> crashed and he had to use backups to install on another computer, I could >> always do that. >> >> So how do I tie a single data file to a specific hard drive or computer? >> There must be some kind of code snippet somewhere...... > > |
Wed, Sep 13 2006 7:48 AM | Permanent Link |
"Jerry Hayes" | http://bdn.borland.com/article/0,1410,26040,00.html
But I'm not sure about the "extra field" part -- why use that instead of the password for the table? What keeps the user from copying the file and then looking at other data besides the MAC field? |
Wed, Sep 13 2006 9:02 AM | Permanent Link |
Jon Lloyd Duerdoth | Jerry,
Look at the OnGuard routines from TurboPower... the software is now open source and available no charge. http://sourceforge.net/projects/tponguard Jon Jerry Blumenthal wrote: > One of my customers wants me to make sure that noone can take his data > and open it up on another computer. > > The files are encrypted, but could be opened if someone brought them to > another computer AND had a valid password. > > So he wants me to provide some additional security. I want to tie the > password file to his computer. I do have a backdoor to that file, but > it is safe because that password changes every day, so if his computer > crashed and he had to use backups to install on another computer, I > could always do that. > > So how do I tie a single data file to a specific hard drive or computer? > There must be some kind of code snippet somewhere...... > > > Jerry |
Wed, Sep 13 2006 11:39 AM | Permanent Link |
Jerry Blumenthal | Jerry Hayes wrote:
> http://bdn.borland.com/article/0,1410,26040,00.html > > But I'm not sure about the "extra field" part -- why use that instead of the > password for the table? What keeps the user from copying the file and then > looking at other data besides the MAC field? > > The file is password protected. It can only be opened with the password, which is embedded in a program that will show only certain fields in the records. Effectively, the extra field is hidden. If the user copies the file, he still cant look at other data without that program. But even if he did, suppose the serial# is ABC123. But when encrypted and stored it comes out to 123456qwert09976. He is not going to be able to move that file to another computer and know how to send a decrypted serial# to match the one on the new computer. I would prefer to put the extra field into the file header, but that's a lot of trouble, and I dont know how; Tim would probably yell at me. Besides, the extra field approach should work. I'm not looking for government level security, just to prevent an employee from messing around when he has no right to do so. Jerry |
Wed, Sep 13 2006 11:40 AM | Permanent Link |
Jerry Blumenthal | Actually I purchased those routines years ago before TP went out of the
Delphi business. I didnt know that they included machinery methods; I'll have to look. Thanks. Jerry Jon Lloyd Duerdoth wrote: > Jerry, > > Look at the OnGuard routines from TurboPower... > the software is now open source and available no charge. > > http://sourceforge.net/projects/tponguard > > > Jon > > Jerry Blumenthal wrote: >> One of my customers wants me to make sure that noone can take his data >> and open it up on another computer. >> >> The files are encrypted, but could be opened if someone brought them >> to another computer AND had a valid password. >> >> So he wants me to provide some additional security. I want to tie the >> password file to his computer. I do have a backdoor to that file, but >> it is safe because that password changes every day, so if his computer >> crashed and he had to use backups to install on another computer, I >> could always do that. >> >> So how do I tie a single data file to a specific hard drive or computer? >> There must be some kind of code snippet somewhere...... >> >> >> Jerry |
Wed, Sep 13 2006 4:12 PM | Permanent Link |
Jon Lloyd Duerdoth | Jerry,
There's definitely a routine that creates a fingerprint for a machine based upon a number of characteristics. You could use this fingerprint to create the kind of thing you have in mind. Jon Jerry Blumenthal wrote: > Actually I purchased those routines years ago before TP went out of the > Delphi business. I didnt know that they included machinery methods; > I'll have to look. Thanks. > > Jerry > > > > Jon Lloyd Duerdoth wrote: >> Jerry, >> >> Look at the OnGuard routines from TurboPower... >> the software is now open source and available no charge. >> >> http://sourceforge.net/projects/tponguard >> >> >> Jon >> >> Jerry Blumenthal wrote: >>> One of my customers wants me to make sure that noone can take his >>> data and open it up on another computer. >>> >>> The files are encrypted, but could be opened if someone brought them >>> to another computer AND had a valid password. >>> >>> So he wants me to provide some additional security. I want to tie >>> the password file to his computer. I do have a backdoor to that >>> file, but it is safe because that password changes every day, so if >>> his computer crashed and he had to use backups to install on another >>> computer, I could always do that. >>> >>> So how do I tie a single data file to a specific hard drive or computer? >>> There must be some kind of code snippet somewhere...... >>> >>> >>> Jerry |
Wed, Sep 13 2006 4:14 PM | Permanent Link |
Jon Lloyd Duerdoth | Jerry,
You could use the file description field to store some sort of encrypted string. Jon Jerry Blumenthal wrote: > Jerry Hayes wrote: >> http://bdn.borland.com/article/0,1410,26040,00.html >> >> But I'm not sure about the "extra field" part -- why use that instead >> of the password for the table? What keeps the user from copying the >> file and then looking at other data besides the MAC field? >> >> > > > The file is password protected. It can only be opened with the > password, which is embedded in a program that will show only certain > fields in the records. Effectively, the extra field is hidden. > > If the user copies the file, he still cant look at other data without > that program. > > But even if he did, suppose the serial# is ABC123. But when encrypted > and stored it comes out to 123456qwert09976. He is not going to be able > to move that file to another computer and know how to send a decrypted > serial# to match the one on the new computer. > > I would prefer to put the extra field into the file header, but that's a > lot of trouble, and I dont know how; Tim would probably yell at me. > Besides, the extra field approach should work. I'm not looking for > government level security, just to prevent an employee from messing > around when he has no right to do so. > > Jerry |
Wed, Sep 13 2006 4:20 PM | Permanent Link |
"Norman W. Clark [Clark-Tech Inc.]" | Jerry:
You've touched on one of key shortcomings of the modern PC ... stuff fails!. If you tie your data to the MAC address of one machine (and several of the methods cited are not foolproof - see my experience below) and if the user has to change out his Ethernet adapter, then how do you propose the user will be able to access his own data? This hardware identity issue is a constant struggle in software licensing. Another approach you might consider would be to encode the data and have the encryption/decryption provided by a small service program that runs on the "intended" user's machine. The service program could communicate via messaging with your application and provide the real-time encryption/decryption. If another user attempted to view the data from another machine then the data is meaningless. The "thief/casual user" would have to obtain all three components - the service program, your application and the data. This approach does not depend on hardware and is portable to different environments. On the issue of MAC addresses, I have had some interesting experiences with all the methods cited in this thread. One thing I would like to suggest to everyone who relies on any of the NetBIOS methods, is to test your application using the following approach: 1. - Cold boot the target machine and immediately run your application - hopefully you will obtain the correct results. 2. - Perform a "Log Out"/"Log In" without a cold boot in between then run your application and check your results. I have experienced different NetBIOS results being received in this situation. It can depend on the machine's BIOS, network adapter, protocols and even the protocols running on a remote server where the station might map a network drive. In short - be careful when using MAC addresses and ensure that you provide fall-back methods - you are likely to need them. -- .... Norm Norman W. Clark, Clark-Tech Inc. nclark@clark-tech.com www.clark-tech.com www.smbproducts.com "Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message news:44977079-8F44-47D4-8BF1-3D257DEACEC6@news.elevatesoft.com... > What I need is the code snippet that lets me get that MAC address or lets me > ID the hard drive. Once I have a function like Get_CPU_ID or something like > that, I can encrypt it and create an extra field in the table's record, store > the encrypted ID in that field, and then refuse to use the other data in the > record if that ID doesnt match. > > So if you have a function to get the mac address, please let me know what it > is. > > Re the fingerprint: his concern is that some employee who is authorized and > has a password and a valid fingerprint access will then make a copy somehow of > the data files, either by burning a CD, or by emailing them, etc... > > Jerry > > > > Jerry Hayes wrote: >> Could you just hash his password with the mac address of the network card? >> He'd have to remember it (have it recorded) in case his computer toasted, but >> that's pretty specific. >> >> You could even wire it up so you don't ever have to know it -- let him know >> it keeps it safe from you, too. So, the other person would have to know the >> password and his mac address; or SID or both or whatever. >> >> Just as an FYI, I have a fingerprint reader built-in on my laptop (they have >> externals too). >> >> Pretty nice, very reliable and it lets me have a 30 character password, >> because I never have to use it. I have a "My Safe" on my desktop that I >> can't get into unless I imprint and then I can open it up. >> >> "Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message >> news:4557A69D-94E6-49E4-BB84-FF66E98D94BF@news.elevatesoft.com... >>> One of my customers wants me to make sure that noone can take his data and >>> open it up on another computer. >>> >>> The files are encrypted, but could be opened if someone brought them to >>> another computer AND had a valid password. >>> >>> So he wants me to provide some additional security. I want to tie the >>> password file to his computer. I do have a backdoor to that file, but it is >>> safe because that password changes every day, so if his computer crashed and >>> he had to use backups to install on another computer, I could always do >>> that. >>> >>> So how do I tie a single data file to a specific hard drive or computer? >>> There must be some kind of code snippet somewhere...... >> >> > > |
Page 1 of 2 | Next Page » | |
Jump to Page: 1 2 |
This web page was last updated on Saturday, May 4, 2024 at 12:54 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |