List: MySQL++
From: J. Greenlees
Date: February 10 2005 1:33am
Subject: Re: Password Security

so do the encryption as a system call to a standalone console app.
pass the encrypted data to the app.
that way all encryption / decryption details are separated from public view.

voguemaster wrote:
> Hi all,
> 
> Well, if the decryption code or key is used somewhere in the DLL then 
> anyone can get to it and the password is not safe.
> 
> In fact, encryption without a secret (whether it be a key or a 
> passphrase unknown to a malicious party), or with a well-hidden secret 
> (hence -> no secret) is actually encoding, not encrypting.
> 
> In order to encrypt something you need a secret.
> 
> 
> Eli
> 
> 
> Earl Miles wrote:
> 
>> Adam Zerlin wrote:
>>
>>> But wouldn't the initial encryption call have to contain the password
>>> and username as straight text?
>>>
>>>
>>> On Tue, 08 Feb 2005 16:45:14 -0800, Earl Miles <merlin@stripped> 
>>> wrote:
>>>
>>>> Adam Zerlin wrote:
>>>>
>>>>> I'm creating a DLL that uses mySQL connections.  However, I can open
>>>>> the DLL up in a Hex editor or even notepad and see my username,
>>>>> password, server, database name, even SQL query strings!  Is there any
>>>>> way to encrypt this or cover it up so that you can't just open the DLL
>>>>> and get my mySQL connection account?
>>>>>
>>>>> Any help would be appreciated, thanks.
>>>>
>>>>
>>>>
>>>> The obvious answer is to encrypt your passwords however you like,
>>>> and then decrypt them before calling Connection::connect()
>>>>
>>
>> No, you encrypt the username and password manually, and store
>> only the encrypted version in the program.
>>
>> For a very simple example, using a rot13 based encrypt, if
>> the password is 'abc', rot13 encrypted it would be 'nop'.
>> Thus:
>>
>> const char* dbPassword = "nop";
>>
>> ...
>>
>> Connection connection(dbHost, dbName, dbUser, rot13(dbPassword));
>>
> 
> 
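
Added example, not part of the original thread or of MySQL++: a release audit in C++ that illustrates the encoding-versus-encryption point made above. It walks a binary image for printable strings the way a hex editor shows them and reports any that contain a known credential directly or after rot13. The sample bytes and the user name "dbuser" are constructed assumptions; 'abc' and 'nop' are the password pair from the rot13 example quoted above.

```cpp
// Added example (not from the thread): audit a binary for known credentials.
#include <iostream>
#include <string>
#include <vector>

// rot13 is its own inverse, so undoing it requires no secret.
std::string rot13(std::string s) {
    for (char& c : s) {
        if (c >= 'a' && c <= 'z') c = static_cast<char>('a' + (c - 'a' + 13) % 26);
        else if (c >= 'A' && c <= 'Z') c = static_cast<char>('A' + (c - 'A' + 13) % 26);
    }
    return s;
}

// Printable ASCII runs of at least min_len bytes, as a hex editor shows them.
std::vector<std::string> printable_runs(const std::string& image, std::size_t min_len) {
    std::vector<std::string> runs;
    std::string cur;
    for (unsigned char b : image) {
        if (b >= 0x20 && b < 0x7f) { cur += static_cast<char>(b); continue; }
        if (cur.size() >= min_len) runs.push_back(cur);
        cur.clear();
    }
    if (cur.size() >= min_len) runs.push_back(cur);
    return runs;
}

struct Finding { std::string literal, how; };
// Report every run that contains a known secret as-is or after rot13.
std::vector<Finding> audit(const std::string& image, const std::vector<std::string>& secrets) {
    std::vector<Finding> out;
    for (const auto& run : printable_runs(image, 3))
        for (const auto& s : secrets) {
            if (run.find(s) != std::string::npos) out.push_back({run, "plaintext"});
            else if (rot13(run).find(s) != std::string::npos) out.push_back({run, "rot13"});
        }
    return out;
}

// Constructed bytes standing in for a DLL data section; "dbuser" is hypothetical.
std::string sample_image() {
    static const char raw[] = "\x00\x01" "dbuser\x00" "nop\x00\xff\x10" "SELECT 1";
    return std::string(raw, sizeof raw - 1);
}

int main() {
    for (const auto& f : audit(sample_image(), {"dbuser", "abc"}))
        std::cout << f.how << ": \"" << f.literal << "\"\n";
}
```

Both the plain user name and the rot13 literal are reported, because the transform needs no key that is absent from the binary.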

