Jos:

A thousand pardons for butting in but you raise a good point with regards to VFP and any encryption routine that requries passwords, encryption strings, etc. VFP is so blazingly easy to decompile that even without resorting to substituting a DLL, or FLL, a hacker could figure out the password. I started using MoleBox to encrypt the executable, and DLLs, in order to get around this vulnerability. An added benefit was getting rid of component registration issues and the whole package shrank in size by about 60%.

Sorry for the interruption,

Scott

>Hi Craig
>
>iro your VFP encryption library - because one needs to pass the password to the encryption/decryption routines would an attacker not find it quite easy to substiute their own dll/fll for yours and then intercept the password when the routines get called? Is this a possibility for attack? If so, is there a way around this perhaps by setting up the password in the main app and the dll/fll looking for it under a static variable name or something like that? Or do you feel this an unlikely scenario?
>
>Thanks.