Hi!
I need to store some information about my application, such as trail version
limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a binary file in the application's directory. My question is more aimed
to the security issues, because I don't face performence as problem, since I
need it just what the apllication starts.
Thanks!
Tom Rahav.
6  1582 
"Tom Rahav" <to******@nospam.nospam> wrote in
news:Ok**************@tk2msftngp13.phx.gbl: I need to store some information about my application, such as trail
version limits, allowed modules, etc.
My question is whether it's better to store it in the windows
registry, or in a binary file in the application's directory. My
Neither. Use the user local storage. The paths are listed in the Application object.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"
Make your ASP.NET applications run faster http://www.atozed.com/IntraWeb/
Hi Tom,
As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the registry
to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hello Steven,
If I do understand you well, storing such information in the application's
binary file, require re-compilation for each change in these variables. What
I actually want is to provide the the ability to add and remove modules
dinamically, without creating a different installation / exe file per each
version. Did I get you well?
Thanks!
Tom.
"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:ur****************@TK2MSFTNGXA01.phx.gbl... Hi Tom,
As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the registry
to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in
the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
A bit confusing ?
You could have just those modules in a directory and load them if available
or list them in the config file...
Do you mean you should have a mean to enable/disable the module. Past
applications protected with dongle were using an identifier for each module
combined together with an expiration date and giving a last result...
Each time the user wants to add a module you issue them the new result of
this computation else they are not recognized...
Not sure what is the exact question ?
Patrice
--
"Tom Rahav" <to******@nospam.nospam> a écrit dans le message de
news:Oa**************@tk2msftngp13.phx.gbl... Hello Steven,
If I do understand you well, storing such information in the application's
binary file, require re-compilation for each change in these variables.
What I actually want is to provide the the ability to add and remove modules
dinamically, without creating a different installation / exe file per each
version. Did I get you well?
Thanks!
Tom.
"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:ur****************@TK2MSFTNGXA01.phx.gbl... Hi Tom,
As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the
registry to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in
the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Thanks for Patrice's input.
Hi Tom,
Yes, injecting info in application's binary file dynamically in runtime is
diffcult(need to use raw win32 API) and this is even impossible in .net
world when we strong-named our assembly. Anyway, for your scenario, I think
you can put those info in a separtae binary file, and to make it more
secure, I suggest you perform encryption and digitsign on them.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
If the information is User- or Computer dependent use the registry,
otherwise use the application's directory.
"Tom Rahav" <to******@nospam.nospam> schrieb im Newsbeitrag
news:Ok**************@tk2msftngp13.phx.gbl... Hi!
I need to store some information about my application, such as trail
version limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a binary file in the application's directory. My question is more aimed
to the security issues, because I don't face performence as problem, since
I need it just what the apllication starts.
Thanks!
Tom Rahav.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Edward K. Ream |
last post by:
The docs for 2.2 and 2.3 contain a "What's new" section.
Are there any such sections for 2.0 and 2.1? If so, where are they?
Thanks.
Edward...
|
by: Ajax Chelsea |
last post by:
can not the "static const int" be replaced by "static enum" anywhere?
is it necessary that define special initialization syntax for "static const int"?
|
by: Alessandro Bottoni |
last post by:
Is there any module or interface that allow the programmer to access a
imap4/pop3 server in a more pythonic (or Object Oriented) way than the
usual imaplib and popolib?
I mean: is there any...
|
by: junky_fellow |
last post by:
Which is better using a switch statement or the if-then equivalent
of switch ?
|
by: Tom Rahav |
last post by:
Hi!
I need to store some information about my application, such as trail version
limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a...
|
by: john_sips_tea |
last post by:
Just tried Ruby over the past two days. I won't bore you
with the reasons I didn't like it, however one thing really
struck me about it that I think we (the Python community)
can learn from.
...
|
by: Yang Zhang |
last post by:
Anybody know how I can bootstrap-build lzz? The website is down, and
the SF project only contains the lzz source (lzz is self-hosting).
Also, are there any newer/better tools along the same...
|
by: CF FAN |
last post by:
which one is better "eq" or "is" in coldfusion
<cfif test eq "1">
or
<cfif test is "1">
which one is more effective??
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
