General information
Category:
Third party products
You could get the MD5 hash of the DLL and check it in your code against the DLL in disk. If they do not match you just spot a message to the user.
I use this technique to check if users have modified external reports to avoid code injection in the dataEnvironment, and it has worked for me.
>Hi Craig
>
>iro your VFP encryption library - because one needs to pass the password to the encryption/decryption routines would an attacker not find it quite easy to substiute their own dll/fll for yours and then intercept the password when the routines get called? Is this a possibility for attack? If so, is there a way around this perhaps by setting up the password in the main app and the dll/fll looking for it under a static variable name or something like that? Or do you feel this an unlikely scenario?
>
>Thanks.
Previous
Next
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only