Retail POS

www.pcland.com.pk

Sunday, 6 April 2014

How to Hide Password of Vfp REMOTE VIEWS in DBC

VFP Remote data Views are accessed  via stored  name connection string  in DBC with "Create Connection" command in plain text format.By default VFP stored connection string  have no protection/native way to be secured by developer for security.

Any one can with a little bit knowledge of VFP programming can easily read 'password' from VFP Command window by opening database.




Programmatic Solution

Here is simple & easy way to protect your Connection string in external file Programmatically with two custom written functions encode_dbcon function, decode_dbcon function.

Description  & Usage


encode_dbcon function saves all your created connection from DBC to external text delimited file and deletes all connections from DBC permanently. After saving to file any external encrypting/decrypting utility/DLL (i.e cipher.exe, ) can be used  with your own 'Password' to more encrypt external created file to protect from reading.


decode_dbcon function: use this function  in your application main program before opening your DBC programmatically or accessing DBC from data environment. your Exe/App will call decode_dbcon function.
which will decrypt your saved file with your  password save in exe/app, then will import all connections from decrypted text file into DBC before opening it.
 

Code bellow is for your concept only not full utility, you can modify it according to your concept. 
*********************************************
*  Hide/Protect DBC Remote connections/string 
*  Author:    Zia Mughal (2012)
*  Copy right (R) Pcland Software inc. Pakistan
*********************************************
SET SAFETY off
SET CONFIRM OFF
CLOSE DATABASES 

****example to Save existing All connections to file
IF encode_dbcon('prs.dbc') = .f.
 WAIT WINDOW "No Remote Connections/Error Saving"
RETURN 
ELSE
WAIT WINDOW "Successfulyy saved All Connections"
ENDIF

*** Retrieve connections from protected file, 
IF decode_dbcon('prs.dbc') = .f.
 WAIT WINDOW "Error Retriving Connections"
RETURN 
ELSE
WAIT WINDOW "Successfulyy Restored All Connections"
ENDIF


**************************
FUNCTION encode_dbcon
PARAMETERS lcfile
***************************
LOCAL llresult
STORE .f. TO llresult
IF !FILE(lcfile)
 RETURN .f.
ENDIF

 USE &lcfile ALIAS prs IN 1
 
 LOCATE FOR objecttype='Connection'  && .AND. ObjectName='Connect1'
IF found()
STORE .t. TO llresult
***** use filter for only one connection or All connection to save
COPY TO csave.txt FOR objecttype='Connection' && .AND. ObjectName='Connect1'
** here use any file protection utility to protect csave.txt
** cepher csave.txt mypassword
   DELETE 
 PACK
ELSE
STORE .f. TO llresult
ENDIF
USE
RETURN llresult
ENDFUNC

***************************
FUNCTION decode_dbcon
PARAMETERS lcfile
***************************
LOCAL llresult
STORE .f. TO llresult
IF !FILE(lcfile)
 RETURN llresult
ENDIF

 USE &lcfile ALIAS prs IN 1
IF ! EOF()
 GO bott
ENDIF
** if file is protected with any utility then, decode it
** first before append
** e.g. cepher -d '12345' csave.txt 
APPEND FROM csave.txt
    llresult = .t.
RETURN llresult
ENDFUNC
************************ 

Thanks for bearing me here! Hope it will help you.

Cheers & Regards

No comments:

Post a comment