On 2016-12-01 06:27, Ted Roche wrote:
Agree. Depends on the level of security you want/need. Compiling encrypted is enough to deter most. Nearly all Fox EXE / DLL can be decrypted, so if you *really* need it secure, look to a 3rd party solution, or move the secure parts off the client's machine and require them to contact a web resource you control so they can't access it.
I recall somebody mentioning Armadillo to protect your EXEs in the past (from reverse engineering): http://www.freedownloadscenter.com/Programming/Registration_Tools/The_Armadi...
ReFox also offers protection: http://www.refox.net/-overview.html
Can you think of any other tool preferable to use for protecting your deployed apps?
Any comments on the two mentioned above?
tia, --Mike
Mike,
I have been using Armadillo aka Software Passport for years. I do not know of any protection issues but my distribution to clients is limited - in the couple dozen range.
When I bought, it was purchased as 32 or 64 bit. That depended on the source machine, not the target.
Carl
-----Original Message----- From: ProFox [mailto:profox-bounces@leafe.com] On Behalf Of mbsoftwaresolutions@mbsoftwaresolutions.com Sent: 12/01/2016 10:59 AM To: ProFox Subject: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
On 2016-12-01 06:27, Ted Roche wrote:
Agree. Depends on the level of security you want/need. Compiling encrypted is enough to deter most. Nearly all Fox EXE / DLL can be decrypted, so if you *really* need it secure, look to a 3rd party solution, or move the secure parts off the client's machine and require them to contact a web resource you control so they can't access it.
I recall somebody mentioning Armadillo to protect your EXEs in the past (from reverse engineering): http://www.freedownloadscenter.com/Programming/Registration_Tools/The_Armadi llo_Software_Protection_System.html
ReFox also offers protection: http://www.refox.net/-overview.html
Can you think of any other tool preferable to use for protecting your deployed apps?
Any comments on the two mentioned above?
tia, --Mike
[excessive quoting removed by server]
On 2016-12-01 11:44, Carl Lindner wrote:
Mike,
I have been using Armadillo aka Software Passport for years. I do not know of any protection issues but my distribution to clients is limited - in the couple dozen range.
When I bought, it was purchased as 32 or 64 bit. That depended on the source machine, not the target.
Carl
Thanks, Carl. My machines are 64-bit, but I'm sure some clients out there still have 32-bit.
Mike,
Long time... So, if things have not changed, you get the 64 bit and encrypt in your environment. The client environment does not matter.
Years ago I researched encryption very hard and went with Software Passport. I had some quirky problems with Win 7-32 and the developer helped resolve them. It hurts to see a good product fail.
Carl
-----Original Message----- From: ProFox [mailto:profox-bounces@leafe.com] On Behalf Of mbsoftwaresolutions@mbsoftwaresolutions.com Sent: Thursday, December 01, 2016 6:00 PM To: ProFox Email List Subject: RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
On 2016-12-01 11:44, Carl Lindner wrote:
Mike,
I have been using Armadillo aka Software Passport for years. I do not know of any protection issues but my distribution to clients is limited - in the couple dozen range.
When I bought, it was purchased as 32 or 64 bit. That depended on the source machine, not the target.
Carl
Thanks, Carl. My machines are 64-bit, but I'm sure some clients out there still have 32-bit.
[excessive quoting removed by server]
Can you think of any other tool preferable to use for protecting your deployed apps?
Any comments on the two mentioned above?
As long as you are aware that none of these tools will protect code that is stored in a VCX, they are both good choices.
On 2016-12-02 13:54, Wollenhaupt, Christof wrote:
Can you think of any other tool preferable to use for protecting your deployed apps?
Any comments on the two mentioned above?
As long as you are aware that none of these tools will protect code that is stored in a VCX, they are both good choices.
Hi Christof,
Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too?
My business and data logic are all in PRGs so I'm just curious at this point (because it seems like I'm protected otherwise since you only listed VCX).
vcx is a different name for a dbf file which is not secure at all.
On Fri, Dec 2, 2016 at 1:17 PM, <mbsoftwaresolutions@mbsoftwaresolutions.com
wrote:
On 2016-12-02 13:54, Wollenhaupt, Christof wrote:
Can you think of any other tool preferable to use for protecting your deployed apps?
Any comments on the two mentioned above?
As long as you are aware that none of these tools will protect code that is stored in a VCX, they are both good choices.
Hi Christof,
Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too?
My business and data logic are all in PRGs so I'm just curious at this point (because it seems like I'm protected otherwise since you only listed VCX).
[excessive quoting removed by server]
On 2016-12-02 14:30, Stephen Russell wrote:
vcx is a different name for a dbf file which is not secure at all.
Steve,
That's true, but you apparently missed the front part of this thread perhaps. We're talking about securing via 1 of the 2 3rd party tools I mentioned earlier in the thread. Try to keep up. <g>
I was keeping up.
"Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too?
My business and data logic are all in PRGs so I'm just curious at this point (because it seems like I'm protected otherwise since you only listed VCX)."
Combining the dbf-like container in your dll or exe is easily consumable unless the file itself, dll or exe, is secured.
Or it is just as safe as a prg in the same dll-exe.
On Fri, Dec 2, 2016 at 1:36 PM, <mbsoftwaresolutions@mbsoftwaresolutions.com
wrote:
On 2016-12-02 14:30, Stephen Russell wrote:
vcx is a different name for a dbf file which is not secure at all.
Steve,
That's true, but you apparently missed the front part of this thread perhaps. We're talking about securing via 1 of the 2 3rd party tools I mentioned earlier in the thread. Try to keep up. <g>
[excessive quoting removed by server]
Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too?
long version: http://foxpert.com/docs/security.en.htm
*TL;DR:*
SCX files are a bit more difficult, but not by much. The approach is the same.
SCX and VCX are opened in the system data session when you execute them. Code injection allows you to copy those files out of the running application.
Code in the OBJCODE is never encrypted. Clearly visible when you look at the help file for the COMPILE command and the ENCRYPT option.
The report designer is always the easiest. If you let the user modify reports try this in your EXE: Open the report designer, right click to open the data environment, right click to add a file. Pick Other. In the file open dialog enter the name of a VCX or SCX file that is embedded in the EXE. The name must be in quotes. You will see the file being available in the report data environment.
On 2016-12-03 04:36, Wollenhaupt, Christof wrote:
Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too?
long version: http://foxpert.com/docs/security.en.htm
*TL;DR:*
SCX files are a bit more difficult, but not by much. The approach is the same.
SCX and VCX are opened in the system data session when you execute them. Code injection allows you to copy those files out of the running application.
Code in the OBJCODE is never encrypted. Clearly visible when you look at the help file for the COMPILE command and the ENCRYPT option.
The report designer is always the easiest. If you let the user modify reports try this in your EXE: Open the report designer, right click to open the data environment, right click to add a file. Pick Other. In the file open dialog enter the name of a VCX or SCX file that is embedded in the EXE. The name must be in quotes. You will see the file being available in the report data environment.
WOW! Glad I use PRG classes!
THAT was an excellent session at Southwest Fox this year. One of my all-time favorites. ;)
Rick White Light Computing, Inc.
www.whitelightcomputing.com
-----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of Wollenhaupt, Christof Sent: Saturday, December 03, 2016 04:37 To: profoxtech@leafe.com Subject: Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too?
long version: http://foxpert.com/docs/security.en.htm
*TL;DR:*
SCX files are a bit more difficult, but not by much. The approach is the same.
SCX and VCX are opened in the system data session when you execute them. Code injection allows you to copy those files out of the running application.
Code in the OBJCODE is never encrypted. Clearly visible when you look at the help file for the COMPILE command and the ENCRYPT option.
The report designer is always the easiest. If you let the user modify reports try this in your EXE: Open the report designer, right click to open the data environment, right click to add a file. Pick Other. In the file open dialog enter the name of a VCX or SCX file that is embedded in the EXE. The name must be in quotes. You will see the file being available in the report data environment.
-- Christof
--- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html ---
[excessive quoting removed by server]
-
Carl Lindner -
mbsoftwaresolutions@mbsoftwaresolutions.com -
Rick Schummer -
Stephen Russell -
Wollenhaupt, Christof