Creation password at runtime

Brian K. White brian at aljex.com
Fri Jan 19 13:38:38 PST 2007 

I guess the password could be stored encrypted in a file, and looked up in a 
manner that doesn't trigger it's own password prompt?
Then the password would not be a litteral string, and would still be 
inaccessible to the user as long as the decryption method was hidden in the 
tok table with no prc table?

Brian K. White  --  brian at aljex.com  --  http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro  BBx    Linux  SCO  FreeBSD    #callahans  Satriani  Filk!

----- Original Message ----- 
From: "John Esak" <john at valar.com>
To: "George Simon" <GSimon at americanriverintl.com>
Cc: "Filepro-List at Lists. Celestial. Com" <filepro-list at lists.celestial.com>
Sent: Friday, January 19, 2007 4:23 PM
Subject: RE: Creation password at runtime


Don't know why it takes two ENTR's on my ssytem... it just does... even so,
the idea is great and all... but honestly, after thinking about it... the
lack of security with a hardcoded password in the table makes it not worth
it.  Too bad. I see you mentioned that just giving the tok table would fix
this... but then that means you don't know that the tok table does *not*
encrypt strings... they would be *plainly* visible.

So, obviously, Ken (FP Tech) will have to come up with some fix.

Honestly, I do not remember ever having this problem and I *do* remember the
clear lookup being a work around.

Has something changed?

John


> -----Original Message-----
> From: filepro-list-bounces+john=valar.com at lists.celestial.com
> [mailto:filepro-list-bounces+john=valar.com at lists.celestial.com]On
> Behalf Of George Simon
> Sent: Friday, January 19, 2007 3:09 PM
> To: Bruce Easton; filepro-list at lists.celestial.com
> Subject: RE: Creation password at runtime
>
>
> > I see George Simon's post:
>
> >> Why couldn't a simple:
> >>
> >> video off
> >> pushkey "creationpassword"{"[entr]"
> >> lookup thefile = (fn)  k=1  i=a  -npx
> >>
> >> get around this problem?
>
> > Neat idea - and although this might work (I'd have to test to
> do it only  > once since I have a loop of these lookups), I'm not
> keen on the idea of
> > putting a hard-coded reference of a password in the table -
> that would be, > in my mind, just as much a security hole as not
> asking for the password.
> > Or at least, I guess it would if the file that this prc is in has a
> > different creation password than the one that I'm doing the lookup to.
>
> Do you supply the prc tables to your customers?
> If you don't, then there is no way for them to see it.
>
> PS- Say hello to Marcia.
>
> George Simon Sr. Programmer
> Information Technologies
> American River International
>
>
>
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> http://mailman.celestial.com/mailman/listinfo/filepro-list

_______________________________________________
Filepro-list mailing list
Filepro-list at lists.celestial.com
http://mailman.celestial.com/mailman/listinfo/filepro-list

More information about the Filepro-list mailing list