I'm on a roll today.
This is a question that I have been meaning to ask for a long time now but never got around to it until now:
Has anybody tried to use the Encrypt() and Decrypt() FWH Functions to stop prying eyes looking at a clients data?
I would imagine that to a hacker cracking this encryption would be easy but it would certainly make it a lot more difficult for your average user who is able to open a database file with dBASE / Clipper's DBU.EXE or use DOS TYPE or EDIT.EXE to view or print the data.
This is a feature of BTrieve / Pervasive SQL i.e. if you do not know the actual file structure of a file it is pretty difficult to reconstruct the data and even with that information there are very few utilities out there (that actually work) that will enable you to actually view the data in a readable form. Using BTrieve / Pervasive SQL is a route that I will never follow again however (it is extremly cumbersome and slow in my opinion). Unforuanately the file structure of a dBASE (FWH) database is pretty much easy to see so there is no protection there. The only thing that you can do is try to encrypt the data.
So far the only (potential) problems I can see would be with FoxPro Indexes etc. etc.
Any thoughts on this?
Regards,
Dale.
Data Encryption
- reinaldocrespo
- Posts: 918
- Joined: Thu Nov 17, 2005 5:49 pm
- Location: Fort Lauderdale, FL
dpaterso,
AFAIK using ADS server is the best and only real solution. Once data is owned by the ADS deamon/service users will simply not have access to the dbfs/ntxs/cdxs files and/or directories. Futhermore, fields in a dbf or the full dbf can be encrypted and only viewed from an application using the ADS RDDS and the decryption password.
I've always been worried of a curious-minded user who starts wondering through the server's hd and decides to erase files to see what happens. With ADS it's just not possible. It seems very secure.
Regards,
Reinaldo.
AFAIK using ADS server is the best and only real solution. Once data is owned by the ADS deamon/service users will simply not have access to the dbfs/ntxs/cdxs files and/or directories. Futhermore, fields in a dbf or the full dbf can be encrypted and only viewed from an application using the ADS RDDS and the decryption password.
I've always been worried of a curious-minded user who starts wondering through the server's hd and decides to erase files to see what happens. With ADS it's just not possible. It seems very secure.
Regards,
Reinaldo.
Thanks for the reply.
I have not ever even tried to use ADS Server (although I'm sure that I'll get it sometime).
I appreciate your input.
I was just thinking about a simple encryption like Encrypt() just to sort of scramble the data so that a user that has a basic knowledge of DOS commands cannot go and TYPE a database or use DBU or any other of these utilities to go and change data. If they are bent on wiping out the entire file then they will do that but they will at least never know what was in the file (and hopefully a backup exists).
The main concern for the developer would be to ensure that the index keys are not messed up but I think I need to give this a try.
Any other thoughts from anyone?
Regards,
Dale.
I have not ever even tried to use ADS Server (although I'm sure that I'll get it sometime).
I appreciate your input.
I was just thinking about a simple encryption like Encrypt() just to sort of scramble the data so that a user that has a basic knowledge of DOS commands cannot go and TYPE a database or use DBU or any other of these utilities to go and change data. If they are bent on wiping out the entire file then they will do that but they will at least never know what was in the file (and hopefully a backup exists).
The main concern for the developer would be to ensure that the index keys are not messed up but I think I need to give this a try.
Any other thoughts from anyone?
Regards,
Dale.
- Antonio Linares
- Site Admin
- Posts: 37481
- Joined: Thu Oct 06, 2005 5:47 pm
- Location: Spain
- Contact: