Place to hook in encryption
Message
 
To
19/01/2004 15:02:29
John Ryan
Captain-Cooker Appreciation Society
Taumata Whakatangi ..., New Zealand
General information
Forum:
Visual FoxPro
Category:
Databases,Tables, Views, Indexing and SQL syntax
Miscellaneous
Thread ID:
00868101
Message ID:
00868388
Views:
14
>Paul
>
>If you're talking local tables, Cryptor is fairly simple to implement - all you need to do is instantiate the library, identify the table/folder you want encrypted, and Cryptor encrypts/decrypts seamlessly as you read and write data - i.e. no need to change your app at all except to load and release the library.
>
>For C/S or if the above isn't what you need, you can use the encryption class library that comes as a VFP sample in the Gallery to encrypt and decrypt fields. You will need to add logic to your code, also make sure you are using IMAGE rather than text fields to save the encrypted (binary) data. We also saw major headaches when MS changed the encryption between Win2000 and WinXP, but overall this works well.
>

Thanks for the feedback. I've already got the encryption stuff done (Yeah, I'm already using the FFC crypto classes). Thankfully I have control over the OS this stuff is installed on so I shouldn't have any issues with OS versions (famous last words...). All the data is local, so sending it over the network decrypted isn't an issue. I'll look at Cryptor and see if that's the way we want to go. One of the big things is that we need to easily be able to send updates which change the encryption key (e.g. ship over a small table).

To be honest, I'm more worried about theft of the actual machine (a notebook) than anything else. I want to make sure that they won't be able to get at the actual data. I'm guessing Cryptor requires the key(s) to be embedded inside the application somehow, which means that if they have access to the software, they've got access to the data (even if indirectly). I guess I'll have to take a real close look at how it works.

My plan was to have the user log in with a password (that can be changed regularly). The MD5 hash of the password gets compared against a stored hash of the same password. If the two match, I know they entered the correct password. Now I can store off the unencrypted password in an object property. The password becomes the encryption key to the data. This way I'm not storing either the data or encryption key directly in the application - it's only available while the notebook is powered on (yeah, it'll also stick around if the notebook is "sleeping"). However, once it's powered off, there isn't any way to recover either the data or encryption key w/o having the password.
-Paul

RCS Solutions, Inc.
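
A variant of the login-and-key plan in the message above, as an added example that is not part of the original post: the stored value is a salted PBKDF2 verifier rather than a bare hash, and the password unwraps a random data key, so a password change does not require re-encrypting the tables. The function names, iteration count, record layout and the HMAC-based XOR wrap are all assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # assumed work factor; tune for the target notebook

def _stretch(password, salt):
    # One salted, slow derivation yields two independent halves:
    # a verifier (safe to store) and a key-encryption key (never stored).
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]

def _xor_pad(kek, nonce, data):
    # Stand-in key wrap built from HMAC so the example needs no crypto library;
    # a real build would use an authenticated cipher here.
    pad = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def enroll(password, data_key=None):
    """Build the record kept on disk. The data key encrypts the tables."""
    salt, nonce = os.urandom(16), os.urandom(16)
    data_key = data_key or os.urandom(32)
    verifier, kek = _stretch(password, salt)
    return {"salt": salt, "nonce": nonce, "verifier": verifier,
            "wrapped": _xor_pad(kek, nonce, data_key)}

def unlock(record, password):
    """Return the data key, or None when the password does not match."""
    verifier, kek = _stretch(password, record["salt"])
    if not hmac.compare_digest(verifier, record["verifier"]):
        return None
    return _xor_pad(kek, record["nonce"], record["wrapped"])

def change_password(record, old, new):
    """Re-wrap the same data key; the encrypted tables stay untouched."""
    data_key = unlock(record, old)
    if data_key is None:
        raise ValueError("wrong password")
    return enroll(new, data_key)

if __name__ == "__main__":
    rec = enroll("correct horse")            # constructed sample password
    key = unlock(rec, "correct horse")
    rec2 = change_password(rec, "correct horse", "battery staple")
    print(unlock(rec2, "battery staple") == key, unlock(rec2, "correct horse"))
```

Only the salt, nonce, verifier and wrapped key are written to disk; the data key exists in memory only after a successful `unlock`.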