Showing results for 
Search instead for 
Do you mean 
Community Home Request Access Read Blogs Share Your Ideas Search Community View My Settings
Reply
Tuned Listener
Posts: 67
Registered: ‎11-29-2011

Password protection in source code

Hi,

 

I am using Architect and I need to pass in a username and password in my VB Source code to mount a network directory. Is there any way I can protect the password in the source code? Otherwise anyone has the access to the source code will see the password. It is a big security concern.

 

Can anyone give me any help?

 

Thanks a lot!

Highlighted
Bronze Super Contributor
Posts: 129
Registered: ‎06-09-2009

Re: Password protection in source code

Indeed it would be a very poor design to store a Password on your Source Code for many reasons.

 

First of all, as you mentioned, the fact that anyone with access to your Source Code will have access to the Password.

Second, code maintenance. If the password changes, someone would have to update your Source Code.

Third, if the password changes and no one remembers to update the code, it could lock the account, and if it is a shared account across other services it may "break" other applications.

 

There may be several options on how to do this:

a) Don't store it, prompt for it. Although a bit tedious for the User to have to Input this information over and over, this may be the best approach (from a Security Stand Point).

b) Store it on a Table and use Encryption (you may have to build your own Encryption routines)

 

That said, keep in mind the following about SLX LAN Source Code:

 

a) It is stored in a BLOB field inside the Database in a Binary Format.

b) The Password on which it is stored is Password Protected 

c) At a DB level, someone would need to know what tables to look into, what Item (Script, Form, etc), how to read out the Binary Blob, etc. All of that on top of knowing the sysdba password, so this may be a job for an SLX Pro....

d) The program used to Retrieve the Source Code (SLX Architect) is password protected. As long as you don't share out your SLX Password you should have little problem with someone having direct access to the Password in a Reading Format.

 

 

Off course, all stated above goes out the Window if you allow users to do Script Debugging. If enabled,a Power User may be able to fetch your scripts into a Debugger and just read the code out of it.

 

 

Bottom line, find an alternate way,

There are simple approaches that can keep you safe, if anything because of the obscurity of your Method (e.g. Base64 Encoding + Character Code Shifting).

 

 

 

 

Raul A. Chavez
http://raul.chavez.com
http://www.crmbi.com