Creation password at runtime
John Esak
john at valar.com
Sun Jan 21 08:01:59 PST 2007
For that matter... the *whole* key file could be searched in the same way,
so if it is Payroll data we are trying to keep password protected for
instance... what does it matter if the password is viewable in the tok file
when the actual data is visible in the key? I think if you have users doing
this kind of thing in the first place, you have more trouble than hiding a
password. :-)
JE
> -----Original Message-----
> From: filepro-list-bounces+john=valar.com at lists.celestial.com
> [mailto:filepro-list-bounces+john=valar.com at lists.celestial.com]On
> Behalf Of George
> Sent: Sunday, January 21, 2007 1:11 AM
> To: 'Jean-Pierre A. Radley'; 'FilePro Mailing List'
> Subject: RE: Creation password at runtime
>
>
> -----Original Message-----
> From: filepro-list-bounces+flowersoft=compuserve.com at lists.celestial.com
> [mailto:filepro-list-bounces+flowersoft=compuserve.com at lists.celes
> tial.com]
> On Behalf Of Jean-Pierre A. Radley
> Sent: Saturday, January 20, 2007 6:17 PM
> To: FilePro Mailing List
> Subject: Re: Creation password at runtime
>
>
> George Simon propounded (on Fri, Jan 19, 2007 at 03:08:32PM -0500):
> | > I see George Simon's post:
> |
> | >> Why couldn't a simple:
> | >>
> | >> video off
> | >> pushkey "creationpassword"{"[entr]"
> | >> lookup thefile = (fn) k=1 i=a -npx
> | >>
> | >> get around this problem?
> |
> | > Neat idea - and although this might work (I'd have to test to
> do it only
> > once since I have a loop of these lookups), I'm not keen on the idea of
> | > putting a hard-coded reference of a password in the table - that would
> be, > in my mind, just as much a security hole as not asking for the
> password.
> | > Or at least, I guess it would if the file that this prc is in has a
> | > different creation password than the one that I'm doing the lookup to.
> |
> | Do you supply the prc tables to your customers?
> | If you don't, then there is no way for them to see it.
>
> > George, a quoted string in a prc.table is assuredly readable in the
> > resulting tok.table. It is not encoded.
>
> > --
> > JP
> > ==> http://www.frappr.com/cusm <==
> > _______________________________________________
> > Filepro-list mailing list
> > Filepro-list at lists.celestial.com
> > http://mailman.celestial.com/mailman/listinfo/filepro-list
>
> Yes, I know. However, the user never sees the password prompt so why would
> they go searching in the tok table for a password? In any case, Bruce
> offered an enhancement to read the (encrypted) password from a different
> creation-password protected file.
>
>
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> http://mailman.celestial.com/mailman/listinfo/filepro-list
More information about the Filepro-list
mailing list