John: Your intentions are good, but I don't think this goes far enough. Every application on the machine (or the network, if the location is shared) can read the dbf while it is open by the program: Excel, anything with ODBC, even Notepad.
I'd suggest a better strategy might be to encrypt the sensitive fields within the table, and only decrypt those within your application. Store the decryption key within your compiled executable, but not as one hard-coded string, since anyone can dump the EXE looking for plaintext fields. I don't have an encryption mechanism to recommend, but others in the forum ought to be able to help with that. On Wed, Mar 12, 2014 at 5:25 PM, John Weller <[email protected]> wrote: > I have written a simple membership system for a local charity. The data is > held in a dbc with about 10 tables. I have been advised that to conform to > the UK Data Protection Act I should be encrypting the sensitive personal > data which I take to mean the file containing the names and addresses, > members.dbf. I have never done anything like this before so am stumbling a > bit :-) > > I intend to use VFPEncryption71.fll. The way I propose to use it is to > encrypt the members.dbf file initially outside the program and give it a > suitable name then delete members.dbf. In the main.prg, before the dbc is > opened I will decrypt the encrypted file to a file called members.dbf which > the dbc will use. In the shutdown I will delete the old encrypted file, > re-encrypt members.dbf then delete members.dbf. > > I would welcome comments on my proposed strategy. > > John Weller > 01380 723235 > 07976 393631 > > > > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/cacw6n4s6gnaxwqavjt8agsvw8glpl1m0dq4sbitbosrbfeg...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
