General information
Category:
Coding, syntax & commands
Environment versions
OS:
Windows Server 2012 R2
Network:
Windows Server 2012 R2
Virtual environment:
VMWare
Easiest: run app/exe not in runtime, but dev, force error (rename table) and prompt/debug away.
Try for typical vfp backdoors or set up keyb shortcuts hoping not all are cleared on program start
Or for the more machine inclined:
run vfp runtime in a debug mode assembler /C++ debugger
perhaps inject something in a .dbc, if they exist
if external programs exist, add to them / decompile thems
inject own classes into class hierarchy, if you worked years ago on the program or know the fwk used to create it
>what do you mean by "hook your program" - just so I understand.
>
>>Unless forced by gov regulation or customer, don't.
>>While the .dbf is partially encrypted, this wiil stop ONLY those trying to read in the .dbf via Excel or similar stuff.
>>Someone determined to get your data will hook your program and get access of all info within minutes.
>>Hardening the vfp exe needs more than Refox - if you went to vfp C++ compiler, table encryption might nake sense-
>>
>>Otherwise depend on customer IT to block all areas except Windows-encrypted ones for the groups using your stuff.
>>If done well gives you better security, if botched: not your fault ;-)))
>>
>>
>>>I only need to encrypt a few fields within the entire application - do not need a rewrite of the entire app into SQL server etc. The customer just has a few "sensitive" fields that they would like encrypted.
>>>
>>>I have read about Craig Boyd's vfpencryption71.fll and it seems to wrap to all the current encryption standards (correct me if I am wrong) but his blog stops in 2010 so not sure if there are any newly found bugs in this dll that might not be fixed. I have also looked at Rick Strahl's class (which I have) which wraps .net functions and encrypts with TripleDES - in this case, not sure yet if this is secure enough (no guidance from the customer and I just don't know enough about encryption to make the reccommendation).
>>>
>>>Are there any other classes etc out there that provide the AES256 encryption mechanisms?
>>>
>>>Again, just want to replace the contents of a few fields with an encrypted value.
>>>
>>>Thanks,
>>>Albert
Previous
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only