Data Encryption

Data Encryption

Postby dpaterso » Fri Feb 10, 2006 11:34 am

I'm on a roll today.

This is a question that I have been meaning to ask for a long time now but never got around to it until now:

Has anybody tried to use the Encrypt() and Decrypt() FWH Functions to stop prying eyes looking at a clients data?

I would imagine that to a hacker cracking this encryption would be easy but it would certainly make it a lot more difficult for your average user who is able to open a database file with dBASE / Clipper's DBU.EXE or use DOS TYPE or EDIT.EXE to view or print the data.

This is a feature of BTrieve / Pervasive SQL i.e. if you do not know the actual file structure of a file it is pretty difficult to reconstruct the data and even with that information there are very few utilities out there (that actually work) that will enable you to actually view the data in a readable form. Using BTrieve / Pervasive SQL is a route that I will never follow again however (it is extremly cumbersome and slow in my opinion). Unforuanately the file structure of a dBASE (FWH) database is pretty much easy to see so there is no protection there. The only thing that you can do is try to encrypt the data.

So far the only (potential) problems I can see would be with FoxPro Indexes etc. etc.

Any thoughts on this?

Regards,

Dale.
dpaterso
 
Posts: 142
Joined: Tue Jan 24, 2006 9:45 am
Location: South Africa

Postby reinaldocrespo » Sat Feb 11, 2006 3:40 pm

dpaterso,

AFAIK using ADS server is the best and only real solution. Once data is owned by the ADS deamon/service users will simply not have access to the dbfs/ntxs/cdxs files and/or directories. Futhermore, fields in a dbf or the full dbf can be encrypted and only viewed from an application using the ADS RDDS and the decryption password.

I've always been worried of a curious-minded user who starts wondering through the server's hd and decides to erase files to see what happens. With ADS it's just not possible. It seems very secure.

Regards,


Reinaldo.
User avatar
reinaldocrespo
 
Posts: 979
Joined: Thu Nov 17, 2005 5:49 pm
Location: Fort Lauderdale, FL

Postby dpaterso » Sun Feb 12, 2006 5:52 am

Thanks for the reply.

I have not ever even tried to use ADS Server (although I'm sure that I'll get it sometime).

I appreciate your input.

I was just thinking about a simple encryption like Encrypt() just to sort of scramble the data so that a user that has a basic knowledge of DOS commands cannot go and TYPE a database or use DBU or any other of these utilities to go and change data. If they are bent on wiping out the entire file then they will do that but they will at least never know what was in the file (and hopefully a backup exists).

The main concern for the developer would be to ensure that the index keys are not messed up but I think I need to give this a try.

Any other thoughts from anyone?

Regards,

Dale.
dpaterso
 
Posts: 142
Joined: Tue Jan 24, 2006 9:45 am
Location: South Africa

Postby Antonio Linares » Sun Feb 12, 2006 8:12 am

Dale,

We have not tried this, but you may do:

INDEX ON ... FOR Decrypt( Alias->fieldname )

assuming that the data in Alias->fieldname is already Encrypt()ed.

Though then the index should be reviewed with a binary viewer, to see if the keys are readable.
regards, saludos

Antonio Linares
www.fivetechsoft.com
User avatar
Antonio Linares
Site Admin
 
Posts: 42099
Joined: Thu Oct 06, 2005 5:47 pm
Location: Spain


Return to FiveWin for Harbour/xHarbour

Who is online

Users browsing this forum: No registered users and 83 guests