Hi!
I need to store some information about my application, such as trail version
limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a binary file in the application's directory. My question is more aimed
to the security issues, because I don't face performence as problem, since I
need it just what the apllication starts.
Thanks!
Tom Rahav.
6  1608 
"Tom Rahav" <to******@nospa m.nospam> wrote in
news:Ok******** ******@tk2msftn gp13.phx.gbl: I need to store some information about my application, such as trail
version limits, allowed modules, etc.
My question is whether it's better to store it in the windows
registry, or in a binary file in the application's directory. My
Neither. Use the user local storage. The paths are listed in the Application object.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programmin g is an art form that fights back"
Make your ASP.NET applications run faster http://www.atozed.com/IntraWeb/
Hi Tom,
As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the registry
to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hello Steven,
If I do understand you well, storing such information in the application's
binary file, require re-compilation for each change in these variables. What
I actually want is to provide the the ability to add and remove modules
dinamically, without creating a different installation / exe file per each
version. Did I get you well?
Thanks!
Tom.
"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:ur******** ********@TK2MSF TNGXA01.phx.gbl ... Hi Tom,
As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the registry
to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in
the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
A bit confusing ?
You could have just those modules in a directory and load them if available
or list them in the config file...
Do you mean you should have a mean to enable/disable the module. Past
applications protected with dongle were using an identifier for each module
combined together with an expiration date and giving a last result...
Each time the user wants to add a module you issue them the new result of
this computation else they are not recognized...
Not sure what is the exact question ?
Patrice
--
"Tom Rahav" <to******@nospa m.nospam> a écrit dans le message de
news:Oa******** ******@tk2msftn gp13.phx.gbl... Hello Steven,
If I do understand you well, storing such information in the application's
binary file, require re-compilation for each change in these variables.
What I actually want is to provide the the ability to add and remove modules
dinamically, without creating a different installation / exe file per each
version. Did I get you well?
Thanks!
Tom.
"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:ur******** ********@TK2MSF TNGXA01.phx.gbl ... Hi Tom,
As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the
registry to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in
the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Thanks for Patrice's input.
Hi Tom,
Yes, injecting info in application's binary file dynamically in runtime is
diffcult(need to use raw win32 API) and this is even impossible in .net
world when we strong-named our assembly. Anyway, for your scenario, I think
you can put those info in a separtae binary file, and to make it more
secure, I suggest you perform encryption and digitsign on them.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
If the information is User- or Computer dependent use the registry,
otherwise use the application's directory.
"Tom Rahav" <to******@nospa m.nospam> schrieb im Newsbeitrag
news:Ok******** ******@tk2msftn gp13.phx.gbl... Hi!
I need to store some information about my application, such as trail
version limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a binary file in the application's directory. My question is more aimed
to the security issues, because I don't face performence as problem, since
I need it just what the apllication starts.
Thanks!
Tom Rahav.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Edward K. Ream |
last post by:
The docs for 2.2 and 2.3 contain a "What's new" section.
Are there any such sections for 2.0 and 2.1? If so, where are they?
Thanks.
Edward
--------------------------------------------------------------------
Edward K. Ream email: edreamleo@charter.net
Leo: Literate Editor with Outlines
|
by: Ajax Chelsea |
last post by:
can not the "static const int" be replaced by "static enum" anywhere?
is it necessary that define special initialization syntax for "static const int"?
|
by: Alessandro Bottoni |
last post by:
Is there any module or interface that allow the programmer to access a
imap4/pop3 server in a more pythonic (or Object Oriented) way than the
usual imaplib and popolib?
I mean: is there any module that would allow me to query the server for
specific messages (and fetch them) in a way similar to a OODB?
TIA
-----------------------------------
|
by: junky_fellow |
last post by:
Which is better using a switch statement or the if-then equivalent
of switch ?
|
by: Tom Rahav |
last post by:
Hi!
I need to store some information about my application, such as trail version
limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a binary file in the application's directory. My question is more aimed
to the security issues, because I don't face performence as problem, since I
need it just what the apllication starts.
Thanks!
| | |
by: john_sips_tea |
last post by:
Just tried Ruby over the past two days. I won't bore you
with the reasons I didn't like it, however one thing really
struck me about it that I think we (the Python community)
can learn from.
Ruby has ... an issue with docs. That is to say, there are
almost none. Well, actually, there are some. For example,
the "PickAxe" book (google it), and "Why's" Poignant Guide.
But there's a disturbing lack of *built-in* docs for Ruby.
Now, the...
|
by: Yang Zhang |
last post by:
Anybody know how I can bootstrap-build lzz? The website is down, and
the SF project only contains the lzz source (lzz is self-hosting).
Also, are there any newer/better tools along the same lines? I dig the
whole "better C++" theme (note that I mean tools that let me use
existing C++ code and let others use my code; for instance, D stopped C
++ support, so it wouldn't fit in such a list). I found this one, but
I'm not sure how it...
|
by: CF FAN |
last post by:
which one is better "eq" or "is" in coldfusion
<cfif test eq "1">
or
<cfif test is "1">
which one is more effective??
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
| | |
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
