Just thought I'd mention this.  

If you have your encryption passwords, database signature, username and password and so on set in the TEDBEngine and/or TEDBSession components then I have come across at least one program that can read these from the executables.

Mine are in code as constants in an encrypted form and decrypted at run time.  However, I have them in the TEDBEngine and TEDBSession components at design time so that the TEDBStoredProc component can look up the stored procedure names and parameters.

I forgot to clear them when compiling the release version.  When I looked at the compiled executable with a tool I came across, the encryption passwords and signatures were there as plain as day!

= Steve

Steve


Not really a surprise, there's a lot of text in the exe - any decent hex editor will show it.I have such settings in my development version but the live version has a different Engine Signature, Different logon name & password and different encryption. I have them set up in dev mode so I can have open tables for layouts.

If you want to clear them every time you compile have a look at installing GExperts - it has an expert which allows you to set property values on compile.

Roy Lambert

Hi Roy,

<< If you want to clear them every time you compile have a look at installing GExperts - it has an expert which allows you to set property values on compile. >>

Interesting.

I'm not really looking for a solution.  I'm just making other users aware of this if they don't know.  Attached is an example I extracted out of the edbsvr.exe using this tool.

= Steve

Hi Roy,

That GExperts feature is pretty good.  I didn't even know it was there.

= Steve

I have tried the GExperts feature it off and on over the years but find
it is missing a key option for me.

It does not seem to be possible to specify a particular file to be
checked.  So if I only want to set the EDBEngine.Active=False, I am
forced either to make sure my DataModule is open or use the 'all files'
option.  The 'all files' takes a while if the project has more than a
few units.

So I fall back on Tim's EDBEngine.StoreActive=False which mostly does
the job until I am debugging when it seems to be possible to launch a
new run without .Active being reset.  Still, that beats the GExperts
global search.

Hmm, maybe Tim does not know about that glitch(?)

Malcolm

Malcolm


Since GExperts is open source you could always hack it to do exactly what you want. I have recently where I moved source files and added their path into Delphi's library path. GExperts grep search gave me a great long list of files it couldn't find - all of them linked into the project but not on its path

Roy Lambert

Steve


>I'm not really looking for a solution. I'm just making other users aware of this if they don't know. Attached is an example I extracted out of the edbsvr.exe using this tool.

That's a far prettier display than my hex editor gives me

I also experimented with unchecking the text format option for dfms and I could still see the details. I've known for a long time that Delphi exes contain a wadge of text it just never occurred to me that it might be something like this.

Roy

Yes, Roy, but it really is not an issue for me.
Tim's StoreActive does it for me 99.99% (subjectively) of the time.  No
need to check the other data components.

I guess that if I had a longer list of components/properties to
'assert' I would gladly take the GExperts global search hit.  

FWIW, I wrote a little tool in Delphi which looks for dangerous lines in .pas files and removes them, thus allowing me to take any such important data out of the files automatically every time I run the FinalBuilder build script. Saves relying on the IDE or anything to ensure proper operation.


--

Matthew Jones

Matthew


>FWIW, I wrote a little tool in Delphi which looks for dangerous lines in .pas files and removes them, thus allowing me to take any such important data out of the files automatically every time I run the FinalBuilder build script. Saves relying on the IDE or anything to ensure proper operation.

I do hate having to tell you this but the above won't do any good - the nasty stuff Steve was talking about is in the dfm..

Roy