+1 for encrypting fields. I still use something Mac Rubel wrote many
years ago.
On 3/12/2014 2:33 PM, Ted Roche wrote:
John:
Your intentions are good, but I don't think this goes far enough. Every
application on the machine (or the network, if the location is shared) can
read the dbf while it is open by the program: Excel, anything with ODBC,
even Notepad.
I'd suggest a better strategy might be to encrypt the sensitive fields
within the table, and only decrypt those within your application. Store the
decryption key within your compiled executable, but not as one hard-coded
string, since anyone can dump the EXE looking for plaintext fields.
I don't have an encryption mechanism to recommend, but others in the forum
ought to be able to help with that.
On Wed, Mar 12, 2014 at 5:25 PM, John Weller <[email protected]> wrote:
I have written a simple membership system for a local charity. The data is
held in a dbc with about 10 tables. I have been advised that to conform to
the UK Data Protection Act I should be encrypting the sensitive personal
data which I take to mean the file containing the names and addresses,
members.dbf. I have never done anything like this before so am stumbling a
bit :-)
I intend to use VFPEncryption71.fll. The way I propose to use it is to
encrypt the members.dbf file initially outside the program and give it a
suitable name then delete members.dbf. In the main.prg, before the dbc is
opened I will decrypt the encrypted file to a file called members.dbf which
the dbc will use. In the shutdown I will delete the old encrypted file,
re-encrypt members.dbf then delete members.dbf.
I would welcome comments on my proposed strategy.
John Weller
01380 723235
07976 393631
[excessive quoting removed by server]
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
