Hi Denis,
>In you reply to Jos you seem to say that crackers could get back meaningfull variable names?
only after you analyzed the code. If you see this code:
_2 = 0
For _1=1 to _1._23
_3 = _1(_1)._1 * _1(_1)._2
_2 = _2 + _3
Endfor
_2 = _2 * _1._1
after some time going through the code and debugging it you might figure out that this code calculates the total (_3) of an order (_1) collection. Once you figured out what the code does, you can start replacing the names:
lnTotal = 0
For lnItem=1 to loOrder.Count
lnItemTotal = loOrder(lnItem).nItemCount * loOrder(lnItem).ItemPrice
lnTotal = lnTotal + lnItemTotal
Endfor
lnTotal = lnTotal * loOrder.nTaxRate
You must go through the code in order to replace names. Even if you replaced the long names with short ones as I did in the first sample, the code isn't really more readable. Once the attacker discovered all the names, they could repeat this automatically with new versions. Hence, my recommendation to change the names and positions frequently.
--
Christof