On 13.04.2006 16:42, Luke Bakken wrote:
> How can you do that in other languages?

Good question.

> If you have strings in the
> executable file, they can be discovered.

They could be encrypted, using something trivial like rot13 or xor, or
even good encryption algorithms like 3DES, Blowfish, etc., and still
they can be recovered. See below.

> You could read the data from a file (the file could even be encrypted)

... and because you need the decryption key and the decryption algorithm
in the program, nothing is gained.
You make it a little bit harder for a script kiddie to find the connect
data, but for someone with a motivation, this is just a little bit more
work.

> and pass it to connect(), or get it out of the environment.

Try strings /proc/self/environ on any Linux box. The environment is not
the best place to save sensitive data, nor is the command line.
Encryption does not help here. Make sure your application server is
properly protected: Remove all unneeded applications and services, place
it behind a firewall, make sure no one can log in on the server except a
crew of qualified administrators.
Alexander
--
Alexander Foken
mailto:[EMAIL PROTECTED] http://www.foken.de/alexander/
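
An added example, not part of the original message: a small audit that reads a /proc/<pid>/environ-style file and reports which variable names look like credentials, printing only the name and the value length. The name pattern, the function names and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a NUL-separated environ file (e.g. /proc/self/environ) for
# variables whose names suggest they hold credentials.
# Values are never printed: only the name and the length of the value.

# Assumed name pattern; adjust to the naming used on your servers.
SECRET_NAME_RE='(PASS|SECRET|TOKEN|CRED|API_?KEY)'

# audit_environ FILE
# Returns 0 if nothing suspicious, 1 if at least one hit, 2 if unreadable.
audit_environ() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Records are NUL-terminated NAME=value pairs; turn them into lines.
    # A value containing a newline is split, so its continuation lines are
    # skipped unless they themselves look like NAME=value.
    tr '\0' '\n' < "$1" | awk -v re="$SECRET_NAME_RE" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) next
            if (toupper(name) ~ re) {
                printf "%s (%d chars)\n", name, length($0) - eq
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }'
}

# make_sample FILE: write a constructed environment block for the demo.
make_sample() {
    printf 'HOME=/home/app\0DB_PASSWORD=hunter2\0PATH=/usr/bin\0API_TOKEN=abc123\0' > "$1"
}

# Demo on constructed data; on a live host pass /proc/<pid>/environ instead.
sample=$(mktemp)
make_sample "$sample"
audit_environ "$sample" || true
rm -f "$sample"
```

Running it against the environ file of an application server process (as that process's user or as root) shows which connect data any other process with the same access could read.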