No security in visual basic - Hackers beware

[rudin]

Friends,

There seems to be no security on using visual basic programs.
Once you compile your program into an exe file, open it using
notepad or any hex editor. You will get to know that all the strings
you have used are clearly visible. In case, you had used any user-
names or passwords, beware you are trapped in a security flaw.
How to avoid this?

Any follow ups on this topic will be appreciated.

Thanks.

[Cimperiali]

Simply crypt your password inside Vb. Or load strings from crypted files. Or (never tested this last) use resource file...

Special thanks to Lothar "the Great" Haensler. Come back soon, you Guru.

[Clearcode]

A resource file is not secure, because you can use third party viewers to read all the resources in an exe with a resource filke compiled into it.

The thing is thyat if you are hard coding your password into your application it won't be secure in any programming language. This is because string constants are just stored in the executable as they occur....so can be read with a hex editor.

The thing about being able to see what API calls are used is just as much a cross-language thing as a VB thing. If you absolutely must hide this from the users, you can declare APIs using their ordinal number e.g.

public Declare MyDllFunc Lib "MyDll" Alias "#23"() as Long



But if the ordinal position changes (due to adding more functions to the next version of the DLL) your code will no longer work.

So - if you are going to store passwords, use one-way encryption and store it in a hidden external data file for ease of use.

HTH,
D.

-------------------------------------------------
Ex. Datis: Duncan Jones
Merrion Computing Ltd
http://www.merrioncomputing.com

[Cimperiali]

Yes.

Special thanks to Lothar "the Great" Haensler. Come back soon, you Guru.