Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » ElevateDB Technical Support » Support Forums » ElevateDB General » View Thread |
Messages 1 to 10 of 24 total |
Protect Your Encryption Passwords, Database Signature, etc. |
Tue, Oct 30 2018 5:57 PM | Permanent Link |
Steve Gill | Just thought I'd mention this.
If you have your encryption passwords, database signature, username and password and so on set in the TEDBEngine and/or TEDBSession components then I have come across at least one program that can read these from the executables. Mine are in code as constants in an encrypted form and decrypted at run time. However, I have them in the TEDBEngine and TEDBSession components at design time so that the TEDBStoredProc component can look up the stored procedure names and parameters. I forgot to clear them when compiling the release version. When I looked at the compiled executable with a tool I came across, the encryption passwords and signatures were there as plain as day! = Steve |
Wed, Oct 31 2018 3:58 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Steve
Not really a surprise, there's a lot of text in the exe - any decent hex editor will show it.I have such settings in my development version but the live version has a different Engine Signature, Different logon name & password and different encryption. I have them set up in dev mode so I can have open tables for layouts. If you want to clear them every time you compile have a look at installing GExperts - it has an expert which allows you to set property values on compile. Roy Lambert |
Wed, Oct 31 2018 4:05 PM | Permanent Link |
Steve Gill | Hi Roy,
<< If you want to clear them every time you compile have a look at installing GExperts - it has an expert which allows you to set property values on compile. >> Interesting. I'm not really looking for a solution. I'm just making other users aware of this if they don't know. Attached is an example I extracted out of the edbsvr.exe using this tool. = Steve Attachments: ExeDetails.png |
Wed, Oct 31 2018 7:59 PM | Permanent Link |
Steve Gill | Hi Roy,
That GExperts feature is pretty good. I didn't even know it was there. = Steve |
Thu, Nov 1 2018 4:36 AM | Permanent Link |
Malcolm Taylor | I have tried the GExperts feature it off and on over the years but find
it is missing a key option for me. It does not seem to be possible to specify a particular file to be checked. So if I only want to set the EDBEngine.Active=False, I am forced either to make sure my DataModule is open or use the 'all files' option. The 'all files' takes a while if the project has more than a few units. So I fall back on Tim's EDBEngine.StoreActive=False which mostly does the job until I am debugging when it seems to be possible to launch a new run without .Active being reset. Still, that beats the GExperts global search. Hmm, maybe Tim does not know about that glitch(?) Malcolm |
Thu, Nov 1 2018 5:26 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Malcolm
Since GExperts is open source you could always hack it to do exactly what you want. I have recently where I moved source files and added their path into Delphi's library path. GExperts grep search gave me a great long list of files it couldn't find - all of them linked into the project but not on its path Roy Lambert |
Thu, Nov 1 2018 5:31 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Steve
>I'm not really looking for a solution. I'm just making other users aware of this if they don't know. Attached is an example I extracted out of the edbsvr.exe using this tool. That's a far prettier display than my hex editor gives me I also experimented with unchecking the text format option for dfms and I could still see the details. I've known for a long time that Delphi exes contain a wadge of text it just never occurred to me that it might be something like this. Roy |
Thu, Nov 1 2018 6:02 AM | Permanent Link |
Malcolm Taylor | Yes, Roy, but it really is not an issue for me.
Tim's StoreActive does it for me 99.99% (subjectively) of the time. No need to check the other data components. I guess that if I had a longer list of components/properties to 'assert' I would gladly take the GExperts global search hit. |
Thu, Nov 1 2018 10:34 AM | Permanent Link |
Matthew Jones | FWIW, I wrote a little tool in Delphi which looks for dangerous lines in .pas files and removes them, thus allowing me to take any such important data out of the files automatically every time I run the FinalBuilder build script. Saves relying on the IDE or anything to ensure proper operation.
-- Matthew Jones |
Thu, Nov 1 2018 12:20 PM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Matthew
>FWIW, I wrote a little tool in Delphi which looks for dangerous lines in .pas files and removes them, thus allowing me to take any such important data out of the files automatically every time I run the FinalBuilder build script. Saves relying on the IDE or anything to ensure proper operation. I do hate having to tell you this but the above won't do any good - the nasty stuff Steve was talking about is in the dfm.. Roy |
Page 1 of 3 | Next Page » | |
Jump to Page: 1 2 3 |
This web page was last updated on Monday, May 6, 2024 at 12:23 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |