Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Encrypting a few fields
Message
From
08/02/2018 14:12:31
Thomas Ganss
Main Trend
Frankfurt, Germany
 
 
To
08/02/2018 13:26:50
Albert Gostick
Kincardine, Ontario, Canada
General information
Forum:
Visual FoxPro
Category:
Coding, syntax & commands
Title:
Re: Encrypting a few fields
Environment versions
Visual FoxPro:
VFP 9 SP2
OS:
Windows Server 2012 R2
Network:
Windows Server 2012 R2
Database:
Visual FoxPro
Application:
Desktop
Virtual environment:
VMWare
Miscellaneous
Thread ID:
01658009
Message ID:
01658015
Views:
78
Easiest: run app/exe not in runtime, but dev, force error (rename table) and prompt/debug away.
Try for typical vfp backdoors or set up keyb shortcuts hoping not all are cleared on program start
Or for the more machine inclined:
run vfp runtime in a debug mode assembler /C++ debugger
perhaps inject something in a .dbc, if they exist
if external programs exist, add to them / decompile thems
inject own classes into class hierarchy, if you worked years ago on the program or know the fwk used to create it



>what do you mean by "hook your program" - just so I understand.
>
>>Unless forced by gov regulation or customer, don't.
>>While the .dbf is partially encrypted, this wiil stop ONLY those trying to read in the .dbf via Excel or similar stuff.
>>Someone determined to get your data will hook your program and get access of all info within minutes.
>>Hardening the vfp exe needs more than Refox - if you went to vfp C++ compiler, table encryption might nake sense-
>>
>>Otherwise depend on customer IT to block all areas except Windows-encrypted ones for the groups using your stuff.
>>If done well gives you better security, if botched: not your fault ;-)))
>>
>>
>>>I only need to encrypt a few fields within the entire application - do not need a rewrite of the entire app into SQL server etc. The customer just has a few "sensitive" fields that they would like encrypted.
>>>
>>>I have read about Craig Boyd's vfpencryption71.fll and it seems to wrap to all the current encryption standards (correct me if I am wrong) but his blog stops in 2010 so not sure if there are any newly found bugs in this dll that might not be fixed. I have also looked at Rick Strahl's class (which I have) which wraps .net functions and encrypts with TripleDES - in this case, not sure yet if this is secure enough (no guidance from the customer and I just don't know enough about encryption to make the reccommendation).
>>>
>>>Are there any other classes etc out there that provide the AES256 encryption mechanisms?
>>>
>>>Again, just want to replace the contents of a few fields with an encrypted value.
>>>
>>>Thanks,
>>>Albert
Previous
Reply
Map
View

Click here to load this message in the networking platform