>>>>I use a couple of fields in the users tables and do a check sum on the 2
>>-- see sys(2007) in VFP help. Then do a comparison within my code to make
>>sure the fields have not been tampered with. If tampering detected, I
>>terminate the application and have the app send me a Netware message.
>>>
>>>thanks Mark - I will check it out... :)
>>
>>Sounds like a good idea...I would still run the sys(2007) return value
>>through a formula so it wouldn't be easy to crack for someone with the
>>checksum formula, or someone with FoxPro who is aware of the sys(2007)
>>function....
>
>I don't see the need for reverting the checksum into original value -
>simply run the formula on the user's input and compare that with what's
>in the table, so the original value never gets written or reconstructed
>anywhere, as is the normal procedure with passwords and similar stuff.
>
>Another neat trick is that you don't run sys(2007) on bare user's
>string, but add your string before it, possibly scrambled like
>chr(pi()**2.89714)+prog(1) (so it doesn't appear as a constant
>nowhere in your code), or something equally obscure.
"reverting the checksum into original value"...(?)
You can't get the original string from the checksum...
I was simply suggesting not storing just the bare checksum...
Joe
Joseph C. Kempel
Systems Analyst/Programmer
JNC