Information générale
Catégorie:
Produits tierce partie
You could get the MD5 hash of the DLL and check it in your code against the DLL in disk. If they do not match you just spot a message to the user.
I use this technique to check if users have modified external reports to avoid code injection in the dataEnvironment, and it has worked for me.
>Hi Craig
>
>iro your VFP encryption library - because one needs to pass the password to the encryption/decryption routines would an attacker not find it quite easy to substiute their own dll/fll for yours and then intercept the password when the routines get called? Is this a possibility for attack? If so, is there a way around this perhaps by setting up the password in the main app and the dll/fll looking for it under a static variable name or something like that? Or do you feel this an unlikely scenario?
>
>Thanks.
Précédent
Suivant
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement