Resource file security

  • Thread starter Thread starter lavu
  • Start date Start date
L

lavu

I have included a text file as a resource file in my VS 2003 c++
project.
Hexedit of my .exe files showed the resource file as it is i.e as a
straight
text file while the rest of the exe was binary code. I connect to the
database using
ODBC using this script in this exe and could change my sql statement in
hexedit
to cause damage to the DB.
Since this peoject is going to be distributed to customers I have to
provide
some encryption or security for this resource file.
Is there any property for the resource file that could provide minimal
security ?
Any ideas will be appreciated.
 
I have included a text file as a resource file in my VS 2003 c++
project.
Hexedit of my .exe files showed the resource file as it is i.e as a
straight
text file while the rest of the exe was binary code. I connect to the
database using
ODBC using this script in this exe and could change my sql statement in
hexedit
to cause damage to the DB.
Since this peoject is going to be distributed to customers I have to
provide
some encryption or security for this resource file.
Is there any property for the resource file that could provide minimal
security ?
Any ideas will be appreciated.
Click to expand...

Hi,
1) the DB account should only be allowed to do the things it has to do. i.e.
things like 'drop table' should be impossible for that user.
2) change your app so that the user has to enter the password in a text box,
you can then encrypt that info into a file, and read it next time.
3) only allow access through stored procedures if possible.
4) encrypt the text file before you add it as a resource, and decrypt it at
runtime. This is still not perfectly safe, since you cannot change the
password after building the app.
 
lavu said:
I have included a text file as a resource file in my VS 2003 c++
project.
Hexedit of my .exe files showed the resource file as it is i.e as a
straight
text file while the rest of the exe was binary code. I connect to the
database using
ODBC using this script in this exe and could change my sql statement in
hexedit
to cause damage to the DB.
Since this peoject is going to be distributed to customers I have to
provide
some encryption or security for this resource file.
Is there any property for the resource file that could provide minimal
security ?
Any ideas will be appreciated.
Click to expand...

Some ideas (besides of Brunos's reply)
- Learn the best practices of security; some pointers:
http://msdn.microsoft.com/msdnmag/issues/06/11/SecureHabits/
- Binary is not an obstacle at all. Somebody can disassemble
your code and monitor communication between your app and the server.

--PA
 
Back
Top