Home
>
WinDev Forum
>
Topic
WD24 - Hpass
Posted by AadG
|
WD24 - Hpass April 22, 2020 09:37AM |
Registered: 5 years ago Posts: 220 |
|
Re: WD24 - Hpass April 22, 2020 09:40AM |
Registered: 4 years ago Posts: 87 |
|
Re: WD24 - Hpass April 22, 2020 09:45AM |
Registered: 5 years ago Posts: 220 |
|
Re: WD24 - Hpass April 22, 2020 09:55AM |
Registered: 4 years ago Posts: 87 |
|
Re: WD24 - Hpass April 24, 2020 11:19AM |
Admin Registered: 5 years ago Posts: 501 |
Hi Aad,
there are encrypt / uncrypt. Do an encrypt outside the program, just to have the encrypted password string as a text. Put this one into the program as a constant like YourString is Ansi string = "&%GhatQQ". Then HPass(YourFileName, Uncrypt(YourString, MyCompanyName, cryptRC516, encodePCS))
Kind regards,
Guenter Predl
office@windev.at
there are encrypt / uncrypt. Do an encrypt outside the program, just to have the encrypted password string as a text. Put this one into the program as a constant like YourString is Ansi string = "&%GhatQQ". Then HPass(YourFileName, Uncrypt(YourString, MyCompanyName, cryptRC516, encodePCS))
Kind regards,
Guenter Predl
office@windev.at
|
Re: WD24 - Hpass April 24, 2020 11:43AM |
Registered: 5 years ago Posts: 220 |
|
Argus
Re: WD24 - Hpass April 24, 2020 04:32PM |
You are trying to prevent other developers working on your project to know the files password, and therefore be able to access your customers data...
If that is the case, then all the solutions above have the consequence of preventing your developers to use external tool (wdmap, hfcontrolcenter) to verify what's happening in the files...
Instead, I would suggest the following:
1. do not use customer data for your developers, but instead have a test DB containing only non confidential data
2. place the password, ENCRYPTED inside an ini file (or equivalent)... THIS WILL ALLOW YOU TO HAVE A DIFFERENT PASSWORD in development and in production... In your program use the decrypt method descibed above by Guenter.
3. give the password of the development database to your extra developers so that they can debug using all the tools, but only on the dev DB
4. create a small external tools to create the encrypted password/ini file and give the production version to whomever is in charge of crfeating the exe/installer
5. make sure that this production ini file is installed WITH the EXE.
You are the only one who can access the production DBs...
You can even, if necessary, have a different DB password per customer.
If that is the case, then all the solutions above have the consequence of preventing your developers to use external tool (wdmap, hfcontrolcenter) to verify what's happening in the files...
Instead, I would suggest the following:
1. do not use customer data for your developers, but instead have a test DB containing only non confidential data
2. place the password, ENCRYPTED inside an ini file (or equivalent)... THIS WILL ALLOW YOU TO HAVE A DIFFERENT PASSWORD in development and in production... In your program use the decrypt method descibed above by Guenter.
3. give the password of the development database to your extra developers so that they can debug using all the tools, but only on the dev DB
4. create a small external tools to create the encrypted password/ini file and give the production version to whomever is in charge of crfeating the exe/installer
5. make sure that this production ini file is installed WITH the EXE.
You are the only one who can access the production DBs...
You can even, if necessary, have a different DB password per customer.
|
Re: WD24 - Hpass April 24, 2020 05:00PM |
Registered: 5 years ago Posts: 220 |
Hi Argus,
Thank you for your response. The reason for this is, that the files are on VPS's. They can be hacked and privacy data wil be available for the bad guys. We, as hosters, are responsable for this data en will be prosecuted in case of data leakage (Dutch law AVG).
That's the only reason that we want to scramble the files. It sounds silly and most of the time it won't happen, but we have to prove to our customers that their data is dafe,
Best regards,
Aad
Edited 3 time(s). Last edit at 04/24/2020 05:04PM by AadG.
Thank you for your response. The reason for this is, that the files are on VPS's. They can be hacked and privacy data wil be available for the bad guys. We, as hosters, are responsable for this data en will be prosecuted in case of data leakage (Dutch law AVG).
That's the only reason that we want to scramble the files. It sounds silly and most of the time it won't happen, but we have to prove to our customers that their data is dafe,
Best regards,
Aad
Edited 3 time(s). Last edit at 04/24/2020 05:04PM by AadG.
|
Argus
Re: WD24 - Hpass April 24, 2020 08:07PM |