VFP Remote data Views are accessed via stored name connection string in DBC with "Create Connection" command in plain text format.By default VFP stored connection string have no protection/native way to be secured by developer for security.
Any one can with a little bit knowledge of VFP programming can easily read 'password' from VFP Command window by opening database.
Programmatic Solution
Here is simple & easy way to protect your Connection string in external file Programmatically with two custom written functions encode_dbcon function, decode_dbcon function.
Description & Usage
encode_dbcon function saves all your created connection from DBC to external text delimited file and deletes all connections from DBC permanently. After saving to file any external encrypting/decrypting utility/DLL (i.e cipher.exe, ) can be used with your own 'Password' to more encrypt external created file to protect from reading.
decode_dbcon function: use this function in your application main program before opening your DBC programmatically or accessing DBC from data environment. your Exe/App will call decode_dbcon function.
which will decrypt your saved file with your password save in exe/app, then will import all connections from decrypted text file into DBC before opening it.
Code bellow is for your concept only not full utility, you can modify it according to your concept.
Thanks for bearing me here! Hope it will help you.
Cheers & Regards
Any one can with a little bit knowledge of VFP programming can easily read 'password' from VFP Command window by opening database.
Programmatic Solution
Here is simple & easy way to protect your Connection string in external file Programmatically with two custom written functions encode_dbcon function, decode_dbcon function.
Description & Usage
encode_dbcon function saves all your created connection from DBC to external text delimited file and deletes all connections from DBC permanently. After saving to file any external encrypting/decrypting utility/DLL (i.e cipher.exe, ) can be used with your own 'Password' to more encrypt external created file to protect from reading.
decode_dbcon function: use this function in your application main program before opening your DBC programmatically or accessing DBC from data environment. your Exe/App will call decode_dbcon function.
which will decrypt your saved file with your password save in exe/app, then will import all connections from decrypted text file into DBC before opening it.
Code bellow is for your concept only not full utility, you can modify it according to your concept.
********************************************* * Hide/Protect DBC Remote connections/string * Author: Zia Mughal (2012) * Copy right (R) Pcland Software inc. Pakistan ********************************************* SET SAFETY off SET CONFIRM OFF CLOSE DATABASES ****example to Save existing All connections to file IF encode_dbcon('prs.dbc') = .f. WAIT WINDOW "No Remote Connections/Error Saving" RETURN ELSE WAIT WINDOW "Successfulyy saved All Connections" ENDIF *** Retrieve connections from protected file, IF decode_dbcon('prs.dbc') = .f. WAIT WINDOW "Error Retriving Connections" RETURN ELSE WAIT WINDOW "Successfulyy Restored All Connections" ENDIF ************************** FUNCTION encode_dbcon PARAMETERS lcfile *************************** LOCAL llresult STORE .f. TO llresult IF !FILE(lcfile) RETURN .f. ENDIF USE &lcfile ALIAS prs IN 1 LOCATE FOR objecttype='Connection' && .AND. ObjectName='Connect1' IF found() STORE .t. TO llresult ***** use filter for only one connection or All connection to save COPY TO csave.txt FOR objecttype='Connection' && .AND. ObjectName='Connect1' ** here use any file protection utility to protect csave.txt ** cepher csave.txt mypassword DELETE PACK ELSE STORE .f. TO llresult ENDIF USE RETURN llresult ENDFUNC *************************** FUNCTION decode_dbcon PARAMETERS lcfile *************************** LOCAL llresult STORE .f. TO llresult IF !FILE(lcfile) RETURN llresult ENDIF USE &lcfile ALIAS prs IN 1 IF ! EOF() GO bott ENDIF ** if file is protected with any utility then, decode it
** first before append ** e.g. cepher -d '12345' csave.txt APPEND FROM csave.txt llresult = .t. RETURN llresult ENDFUNC
************************
Thanks for bearing me here! Hope it will help you.
Cheers & Regards
No comments:
Post a Comment