>>>>>>>Hi,
>>>>>>>
>>>>>>>I think almost every application has a configuration file that stores settings like application folder name, database folder name, and some other configuration settings. Currently I have them in a DBF table. Even though only user with certain permission privilege can access and change the setting - from within the application - anybody who knows how to use VFP can open this table and make a change. I want to change this table from DBF to an XML. Still the application access to the settings in this XML will be controlled by Admin password. But naturally anybody who knows how to use a Notepad will be able to open and make the change in this file. Mainly I want to give users ability to make the change without my assistance (if the person with admin password left or forgot his/her password). Do you think that having "unprotected" configuration file - XML - is a bad or good approach?
>>>>>>>TIA for any suggestions.
>>>>>>
>>>>>>You are probably more secure using a DBF file rather than XML. At least with DBF the casual user is somewhat limited in tools that will allow him to open and edit the settings.
>>>>>>
>>>>>>Make sure the your config file is readonly for anyone other than administrators (using windows permissions).
>>>>>
>>>>>You are right. But I am a one-man shop and I am concerned that if I am on vacation or traveling or win a lottery (I wish) the customers will get stuck at some point in time. And I am trying to make it easier for them for possible case if/when they may need to make the changes.
>>>>
>>>>Even though I have not tried this, But instead of Read-only, you set the Hidden attribute. If they can see it in Explorer, they will not be attempted to change it.
>>>
>>>Thank you for the suggestion. I will test it.
>>
>>Also consider encryption.
>
>The encryption will be done to only one field/tag of the XML, the password. The other settings really do not need to be encrypted.
Here Fox class to perform Encryption / Decryption
DEFINE CLASS vfpCrypt AS VFPbase
PROCEDURE Crypt
LPARAMETERS tcStr, tcPassword
LOCAL lnStrLen, lnPassLen, lnPassNum, laPassword[1,2], lcPassword
LOCAL lcStrOut, lnPassPos, lnNum01, lcStrOut, lnInPos, lnPassPos
IF TYPE("tcStr") <> "C" ;
OR TYPE("tcPassword") <> "C" ;
OR LEN(tcPassword) < PW_MIN_LEN
ERROR 11
ENDIF
lnStrLen = LEN(tcStr)
lcPassword = tcPassword + CHR(0)
lnPassLen = LEN(lcPassword)
DIMENSION laPassword[lnPassLen+1,2]
FOR lnPassPos=1 TO lnPassLen
laPassword[lnPassPos,2] = SUBSTR(lcPassword,lnPassPos,1)
laPassword[lnPassPos,1] = ASC(laPassword[lnPassPos,2])
ENDFOR
lnPassNum = INT((((THIS.CipherGetPnum(lcPassword)/997) - 1) % 254) + 1 )
lcStrOut = ""
lnPassPos = 1
FOR lnInPos=0 TO lnStrLen-1
lnNum01 = (( lnPassNum + (lnInPos - lnStrLen)) - 1)
lnPassNum = (ABS(lnNum01) % 254) * SIGN(lnNum01) + 1
lnByte = BITXOR( ASC(SUBSTR(tcStr,lnInPos+1,1)), ;
BITXOR(lnPassNum, laPassword[lnPassPos,1]))
lnByte = BITAND(lnByte, 0xFF)
lcStrOut = lcStrOut + IIF(lnByte = 0, SUBSTR(tcStr,lnInPos+1,1), CHR(lnByte))
lnPassPos = IIF( lnPassPos => lnPassLen, 1, lnPassPos + 1)
ENDFOR
RETURN lcStrOut
ENDPROC
PROCEDURE ENCRYPT
LPARAMETERS tcStr, tcPassword
RETURN THIS.Crypt(tcStr, tcPassword)
ENDPROC
PROCEDURE decrypt
LPARAMETERS tcStr, tcPassword
RETURN THIS.Crypt(tcStr, tcPassword)
ENDPROC
PROCEDURE CipherGetPnum(tcStr)
LOCAL liRet, lnPos
liRet = 1
FOR lnPos=0 TO LEN(tcStr ) - 1
liRet = liRet + ASC(SUBSTR(tcStr,lnPos+1,1)) + lnPos
ENDFOR
DO WHILE (liRet < PW_MIN_NUM)
liRet = BITLSHIFT(liRet,1)
ENDDO
RETURN liRet
ENDPROC
ENDDEFINE
Greg Reichert
