Re: Encrypt or hide the config in ini file
- From: "Henrick Hellström [StreamSec]" <henrick@xxxxxxxxxxxx>
- Date: Tue, 21 Mar 2006 14:31:21 +0100
Carlos wrote:
> I want to prevent users from getting the ini file and all the passwords, IP, etc.
> I am talking about simple users. OK, it seems a light security solution, but I don't need
> protection from hackers :).
Wrong, wrong, wrong. The fact that the typical user of your software is "simple" doesn't imply that you don't need protection from professional crackers. You might or might not need it, but that is just not a valid reason. It only takes a single atypical user, or that one of your typical users hires a professional, for your system to become compromised.
Here are a couple of *valid* reasons why you would not need strong protection:
1. The value of the data stored by the server is negligible. You couldn't care less if someone unauthorized logs in and reads all data, deletes all tables, reconfigures it and posts large quantities of garbage to it. The cost such an event would cause you is simply lower than the cost for making it technically impossible for them to do so.
2. Your client software will only be distributed to the people who pay you for maintaining the database; all of your users form a single legal entity (e.g. they are all employed by the same company); and each one of them has the right to browse, modify and delete any data posted by any other user. If they deliberately screw up the database, it is also they who will pay you for cleaning up the mess.
> My scenario is:
> 1.- App starts
> 2.- Reads IP, database name, user and password from the INI
> 3.- App connects to the server
> 4.- App shows a user/password dialog managed by the app (no real database user)
The *right* way to achieve that is to use a middle-tier architecture. The middle-tier should be running server side and be the only application that has access to the actual DB server connection string. The client user should use the client software to log in to the middle-tier server. The business code you now have in the client software should move to the middle-tier.
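
The middle-tier arrangement described above, as an added example that is not part of the original post: the server-side class is the only code that opens the database, the client INI carries just the middle-tier address, and application logins are checked server side. The class, table and host names are assumptions made for illustration, and sqlite3 stands in for the real DB server.

```python
import configparser, hashlib, hmac, secrets, sqlite3

# Constructed client INI: only the middle-tier address, no DB name, DB user or DB password.
CLIENT_INI = "[server]\nhost = middletier.example.internal\nport = 8443\n"

class MiddleTier:
    """Runs server side; the only code that ever sees the DB connection string."""

    def __init__(self, db_dsn=":memory:"):  # sqlite3 stands in for the real DB server
        self._db = sqlite3.connect(db_dsn)
        self._db.execute("CREATE TABLE app_users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
        self._db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
        self._sessions = {}  # session token -> application user name

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self._db.execute("INSERT INTO app_users VALUES (?, ?, ?)",
                         (name, salt, self._hash(password, salt)))

    def login(self, name, password):
        """Check application credentials; return a session token or None."""
        row = self._db.execute("SELECT salt, pwhash FROM app_users WHERE name = ?",
                               (name,)).fetchone()
        salt, stored = row if row else (b"\0" * 16, b"")  # unknown user: still hash once
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = name
        return token

    def _user(self, token):
        if token not in self._sessions:
            raise PermissionError("not logged in")
        return self._sessions[token]

    # Business operations live here, not in the client; each one checks the session.
    def add_order(self, token, item):
        self._db.execute("INSERT INTO orders (owner, item) VALUES (?, ?)",
                         (self._user(token), item))

    def list_orders(self, token):
        rows = self._db.execute("SELECT item FROM orders WHERE owner = ? ORDER BY id",
                                (self._user(token),))
        return [r[0] for r in rows]

def client_settings(ini_text=CLIENT_INI):
    """What the client can read from its INI: where the middle tier is, nothing more."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    return dict(cfg["server"])
```

A user who copies the INI file learns only the middle-tier host and port; every data operation still requires a valid application login and is scoped to that user by the server.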