468,290 Members | 2,063 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,290 developers. It's quick & easy.

Resource file security

I have included a text file as a resource file in my VS 2003 c++
project.
Hexedit of my .exe files showed the resource file as it is i.e as a
straight
text file while the rest of the exe was binary code. I connect to the
database using
ODBC using this script in this exe and could change my sql statement in
hexedit
to cause damage to the DB.
Since this peoject is going to be distributed to customers I have to
provide
some encryption or security for this resource file.
Is there any property for the resource file that could provide minimal
security ?
Any ideas will be appreciated.

Nov 15 '06 #1
2 1317
I have included a text file as a resource file in my VS 2003 c++
project.
Hexedit of my .exe files showed the resource file as it is i.e as a
straight
text file while the rest of the exe was binary code. I connect to the
database using
ODBC using this script in this exe and could change my sql statement in
hexedit
to cause damage to the DB.
Since this peoject is going to be distributed to customers I have to
provide
some encryption or security for this resource file.
Is there any property for the resource file that could provide minimal
security ?
Any ideas will be appreciated.
Hi,
1) the DB account should only be allowed to do the things it has to do. i.e.
things like 'drop table' should be impossible for that user.
2) change your app so that the user has to enter the password in a text box,
you can then encrypt that info into a file, and read it next time.
3) only allow access through stored procedures if possible.
4) encrypt the text file before you add it as a resource, and decrypt it at
runtime. This is still not perfectly safe, since you cannot change the
password after building the app.

--
Kind regards,
Bruno.
br**********************@hotmail.com
Remove only "_nos_pam"

Nov 15 '06 #2
"lavu" wrote:
I have included a text file as a resource file in my VS 2003 c++
project.
Hexedit of my .exe files showed the resource file as it is i.e as a
straight
text file while the rest of the exe was binary code. I connect to the
database using
ODBC using this script in this exe and could change my sql statement in
hexedit
to cause damage to the DB.
Since this peoject is going to be distributed to customers I have to
provide
some encryption or security for this resource file.
Is there any property for the resource file that could provide minimal
security ?
Any ideas will be appreciated.
Some ideas (besides of Brunos's reply)
- Learn the best practices of security; some pointers:
http://msdn.microsoft.com/msdnmag/is.../SecureHabits/
- Binary is not an obstacle at all. Somebody can disassemble
your code and monitor communication between your app and the server.

--PA

Nov 16 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Ron Vecchi | last post: by
3 posts views Thread by Bern | last post: by
1 post views Thread by Peter Strĝiman | last post: by
7 posts views Thread by Madison | last post: by
4 posts views Thread by Jason Pettys | last post: by
reply views Thread by OHM | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.