Morning everyone,
        Do you know what my favorite part of programming is?  I don't know
about anyone else, but for me, it's finding a hybrid solution to an old problem
that also solves a problem inherent to the original solution itself!
Conceptually, doing this is a lot like how one creates descendants of a
basic component or object that was originally created to perform a specific
function or set of functions, and though making its use available to a
narrower range of solutions, validates its existence by achieving a better
or higher standard of use within this new range!
        Just the other day, I was faced with a problem where the singular
database file of the vendor product I am now using (AbsoluteDB from
ComponentAce) requires a trade-off or compromise between the levels of
security and speed one can adjust it to use.
        See, it has a built-in security mechanism that encrypts and decrypts
itself one page at a time while it is open and active IF a database password
is set.  The encryption is quite good, being Rijndael 128, and if used
prevents anyone from being able to open and view its table field values
using another application or utility...if, of course, they are able to
access the file itself in the first place!  However, by using a password to
gain this security provision, the average speed loss across the entire
database is 2x the same dB File without encryption of this kind!  And that's
a big loss at certain times!
        It's quite easy enough to secure the overall application so that IT
cannot be used by an unauthorized person to get at these values, but the dB
File, depending upon where and under what security measures it is stored,
and if not password protected as described, is easily broken into!
        Well I couldn't live with such a speed loss, at least not in this
particular situation where the database tables are used to store data
including parameters, script files, and other types which are called by
shortcut links on the desktop.  Any degree or impression of a time-lapse
when working on the Windows desktop really aggravates users...especially any
change of even a half-second over what they're used to!
        At the same time, my client, whom I don't believe ever used the word
"security" in a sentence before his firm was computerized, was insistent
that I use the cheapest database possible AND that it be "secure"!
        So I considered all kinds of different strategies over the next
couple of days, and being that I was about to be late on my promised
delivery of the application I wasn't even making enough on to feed myself
for a week, I finally decided to do it the easiest and fastest way possible.
        I wrote a wrapper for the dB File that would encrypt the entire
file, storing it in a secure directory that can only be accessed by the
currently logged on username, and wipe-deleted the original.  This was made
a part of the application and occurred upon the closing of the datamodule
itself.  Then, when the app was started again, the wrapper would decrypt the
dB File and move it back into the user's working directory, wipe-deleting the
encrypted version at the same time.  Then when the datamodule is created,
the file is there ready to be found!  The Application also uses this wrapper
as part of its Archiving procedure, making sure any archived copies of the
dB file are first encrypted before being copied to the user's Archive
directory.  That way, Archives themselves can only be opened by the
application again.  And of course I used the Rijndael 128 algorithm as well,
but run the passwords thru an obscuration algorithm that re-builds the "key"
from assorted pieces found in different units of the application and within
functions that one would need to look really hard at to see what's going on
beside its described method.
        Doing this was no great feat of course, and I'm not writing about
this to gain a pat on the back.  I brought it up because I am curious about
solutions others here may have made over the years that, much like the
"better mouse trap", are never really appreciated until the little rodent
escapes from out of the other guy's trap!

from Robert Meek dba "Tangentals Design"
e-mail: [EMAIL PROTECTED]
Freelance Windows Programming for XP and Vista 
Also proud to be a Moderator of the "Delphi-List" at elists.org

"Reality cannot be explained...only enjoyed or endured as your current
perspective allows!"


__________________________________________________
Delphi-Talk mailing list -> Delphi-Talk@elists.org
http://www.elists.org/mailman/listinfo/delphi-talk
