RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
THAT was an excellent session at Southwest Fox this year. One of my all-time favorites. ;) Rick White Light Computing, Inc. www.whitelightcomputing.com -Original Message- From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Wollenhaupt, Christof Sent: Saturday, December 03, 2016 04:37 To: profoxt...@leafe.com Subject: Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL) > Can you elaborate on that? Is that because of the binary storing in > VCX files? Would that also apply to SCX files too? > long version: http://foxpert.com/docs/security.en.htm *TL;DR:* SCX files are a bit more difficult, but not by much. The approach is the same. SCX and VCX are opened in the system data session when you execute them. Code injection allows you to copy those files out of the running application. Code in the OBJCODE is never encrypted. Clearly visible when you look at the help file for the COMPILE command and the ENCRYPT option. The report designer is always the easiest. If you let the user modify reports try this in your EXE: Open the report designer, right click to open the data environment, right click to add a file. Pick Other. In the file open dialog enter the name of a VCX or SCX file that is embedded in the EXE. The name must be in quotes. You will see the file being available in the report data environment. -- Christof --- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html --- [excessive quoting removed by server] ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/004c01d24e52$a9d9be30$fd8d3a90$@whitelightcomputing.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
On 2016-12-03 04:36, Wollenhaupt, Christof wrote: Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too? long version: http://foxpert.com/docs/security.en.htm *TL;DR:* SCX files are a bit more difficult, but not by much. The approach is the same. SCX and VCX are opened in the system data session when you execute them. Code injection allows you to copy those files out of the running application. Code in the OBJCODE is never encrypted. Clearly visible when you look at the help file for the COMPILE command and the ENCRYPT option. The report designer is always the easiest. If you let the user modify reports try this in your EXE: Open the report designer, right click to open the data environment, right click to add a file. Pick Other. In the file open dialog enter the name of a VCX or SCX file that is embedded in the EXE. The name must be in quotes. You will see the file being available in the report data environment. WOW! Glad I use PRG classes! ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/f45252905b761deb6ed19a8d73fd2...@mbsoftwaresolutions.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
> Can you elaborate on that? Is that because of the binary storing in VCX > files? Would that also apply to SCX files too? > long version: http://foxpert.com/docs/security.en.htm *TL;DR:* SCX files are a bit more difficult, but not by much. The approach is the same. SCX and VCX are opened in the system data session when you execute them. Code injection allows you to copy those files out of the running application. Code in the OBJCODE is never encrypted. Clearly visible when you look at the help file for the COMPILE command and the ENCRYPT option. The report designer is always the easiest. If you let the user modify reports try this in your EXE: Open the report designer, right click to open the data environment, right click to add a file. Pick Other. In the file open dialog enter the name of a VCX or SCX file that is embedded in the EXE. The name must be in quotes. You will see the file being available in the report data environment. -- Christof --- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html --- ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/CAL4QJhg=s2k7f53nyfh8uso4foskje3upatbvybdbiqrr_9...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
I was keeping up. "Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too? My business and data logic are all in PRGs so I'm just curious at this point (because it seems like I'm protected otherwise since you only listed VCX)." Combining the dbf-like container in your dll or exe is easily consumable unless the file itself, dll or exe, is secured. Or it is just as safe as a prg in the same dll-exe. On Fri, Dec 2, 2016 at 1:36 PM,wrote: > On 2016-12-02 14:30, Stephen Russell wrote: > >> vcx is a different name for a dbf file which is not secure at all. >> > > > Steve, > > That's true, but you apparently missed the front part of this thread > perhaps. We're talking about securing via 1 of the 2 3rd party tools I > mentioned earlier in the thread. Try to keep up. > [excessive quoting removed by server] ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/cajidmy+uuvbhfupaoxf8ybbbgwdt7rvpd-ozt8mwaceq04j...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
On 2016-12-02 14:30, Stephen Russell wrote: vcx is a different name for a dbf file which is not secure at all. Steve, That's true, but you apparently missed the front part of this thread perhaps. We're talking about securing via 1 of the 2 3rd party tools I mentioned earlier in the thread. Try to keep up. ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/355c17e997b4a2b969c3494f004ae...@mbsoftwaresolutions.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
vcx is a different name for a dbf file which is not secure at all. On Fri, Dec 2, 2016 at 1:17 PM,wrote: > On 2016-12-02 13:54, Wollenhaupt, Christof wrote: > >> >>> Can you think of any other tool preferable to use for protecting your >>> deployed apps? >>> >>> Any comments on the two mentioned above? >>> >>> >> As long as you are aware that none of these tools will protect code that >> is >> stored in a VCX, they are both good choices. >> > > > Hi Christof, > > Can you elaborate on that? Is that because of the binary storing in VCX > files? Would that also apply to SCX files too? > > My business and data logic are all in PRGs so I'm just curious at this > point (because it seems like I'm protected otherwise since you only listed > VCX). > [excessive quoting removed by server] ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/CAJidMYK+UWF_DHu-JXb4D43LTP4=c1_lbhjdztko-gn-+bf...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
On 2016-12-02 13:54, Wollenhaupt, Christof wrote: Can you think of any other tool preferable to use for protecting your deployed apps? Any comments on the two mentioned above? As long as you are aware that none of these tools will protect code that is stored in a VCX, they are both good choices. Hi Christof, Can you elaborate on that? Is that because of the binary storing in VCX files? Would that also apply to SCX files too? My business and data logic are all in PRGs so I'm just curious at this point (because it seems like I'm protected otherwise since you only listed VCX). ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/c1f44a88d66ac4a4ee54ebe400b62...@mbsoftwaresolutions.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
> > Can you think of any other tool preferable to use for protecting your > deployed apps? > > Any comments on the two mentioned above? > As long as you are aware that none of these tools will protect code that is stored in a VCX, they are both good choices. -- Christof --- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html --- ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/cal4qjhg_ato99jhjzwqvbk8rb_8s-gx14jouirxmra8+x-9...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
Mike, Long time... So, if things have not changed, you get the 64 bit and encrypt in your environment. The client environment does not matter. Years ago I researched encryption very hard and went with Software Passport. I had some quirky problems with Win 7-32 and the developer helped resolve them. It hurts to see a good product fail. Carl -Original Message- From: ProFox [mailto:profox-boun...@leafe.com] On Behalf Of mbsoftwaresoluti...@mbsoftwaresolutions.com Sent: Thursday, December 01, 2016 6:00 PM To: ProFox Email List Subject: RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL) On 2016-12-01 11:44, Carl Lindner wrote: > Mike, > > I have been using Armadillo aka Software Passport for years. I do not > know of any protection issues but my distribution to clients is > limited - in the couple dozen range. > > When I bought, it was purchased as 32 or 64 bit. That depended on the > source machine, not the target. > > Carl Thanks, Carl. My machines are 64-bit, but I'm sure some clients out there still have 32-bit. [excessive quoting removed by server] ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/!&!AAAYAG5bUi4Gq6hEgJNCRZwAd1milwAAEPVTasDJjFlBqU/BP9Ls3qMBAA==@bdos.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
On 2016-12-01 11:44, Carl Lindner wrote: Mike, I have been using Armadillo aka Software Passport for years. I do not know of any protection issues but my distribution to clients is limited - in the couple dozen range. When I bought, it was purchased as 32 or 64 bit. That depended on the source machine, not the target. Carl Thanks, Carl. My machines are 64-bit, but I'm sure some clients out there still have 32-bit. ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/b6dab7e3b81d4dad5a9497c15016a...@mbsoftwaresolutions.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)
Mike, I have been using Armadillo aka Software Passport for years. I do not know of any protection issues but my distribution to clients is limited - in the couple dozen range. When I bought, it was purchased as 32 or 64 bit. That depended on the source machine, not the target. Carl -Original Message- From: ProFox [mailto:profox-boun...@leafe.com] On Behalf Of mbsoftwaresoluti...@mbsoftwaresolutions.com Sent: 12/01/2016 10:59 AM To: ProFox Subject: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL) On 2016-12-01 06:27, Ted Roche wrote: > Agree. Depends on the level of security you want/need. Compiling > encrypted is enough to deter most. Nearly all Fox EXE / DLL can be > decrypted, so if you *really* need it secure, look to a 3rd party > solution, or move the secure parts off the client's machine and > require them to contact a web resource you control so they can't > access it. I recall somebody mentioning Armadillo to protect your EXEs in the past (from reverse engineering): http://www.freedownloadscenter.com/Programming/Registration_Tools/The_Armadi llo_Software_Protection_System.html ReFox also offers protection: http://www.refox.net/-overview.html Can you think of any other tool preferable to use for protecting your deployed apps? Any comments on the two mentioned above? tia, --Mike [excessive quoting removed by server] ___ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/!&!AAAYAAZ6acx/WBlNqEIsKHz6tc0ClgAAEPO1IYA9AOdAqlP36gi0xdUBAA==@bdos.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.