RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[Rick Schummer]

THAT was an excellent session at Southwest Fox this year. One of my all-time 
favorites. ;)

Rick
White Light Computing, Inc.

www.whitelightcomputing.com

-Original Message-
From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of 
Wollenhaupt, Christof
Sent: Saturday, December 03, 2016 04:37
To: profoxt...@leafe.com
Subject: Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class 
from another EXE/DLL)

> Can you elaborate on that?  Is that because of the binary storing in 
> VCX files?  Would that also apply to SCX files too?
>

long version: http://foxpert.com/docs/security.en.htm

*TL;DR:*

SCX files are a bit more difficult, but not by much. The approach is the same.

SCX and VCX are opened in the system data session when you execute them.
Code injection allows you to copy those files out of the running application.

Code in the OBJCODE is never encrypted. Clearly visible when you look at the 
help file for the COMPILE command and the
ENCRYPT option.

The report designer is always the easiest. If you let the user modify reports 
try this in your EXE: Open the report
designer, right click to open the data environment, right click to add a file. 
Pick Other. In the file open dialog enter
the name of a VCX or SCX file that is embedded in the EXE. The name must be in 
quotes. You will see the file being
available in the report data environment.

--
Christof


--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
---

[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/004c01d24e52$a9d9be30$fd8d3a90$@whitelightcomputing.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[mbsoftwaresolutions]

On 2016-12-03 04:36, Wollenhaupt, Christof wrote:
Can you elaborate on that?  Is that because of the binary storing in 
VCX

files?  Would that also apply to SCX files too?



long version: http://foxpert.com/docs/security.en.htm

*TL;DR:*

SCX files are a bit more difficult, but not by much. The approach is 
the

same.

SCX and VCX are opened in the system data session when you execute 
them.

Code injection allows you to copy those files out of the running
application.

Code in the OBJCODE is never encrypted. Clearly visible when you look 
at

the help file for the COMPILE command and the ENCRYPT option.

The report designer is always the easiest. If you let the user modify
reports try this in your EXE: Open the report designer, right click to 
open
the data environment, right click to add a file. Pick Other. In the 
file

open dialog enter the name of a VCX or SCX file that is embedded in the
EXE. The name must be in quotes. You will see the file being available 
in

the report data environment.



WOW!  Glad I use PRG classes!

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/f45252905b761deb6ed19a8d73fd2...@mbsoftwaresolutions.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[Wollenhaupt, Christof]

> Can you elaborate on that?  Is that because of the binary storing in VCX
> files?  Would that also apply to SCX files too?
>

long version: http://foxpert.com/docs/security.en.htm

*TL;DR:*

SCX files are a bit more difficult, but not by much. The approach is the
same.

SCX and VCX are opened in the system data session when you execute them.
Code injection allows you to copy those files out of the running
application.

Code in the OBJCODE is never encrypted. Clearly visible when you look at
the help file for the COMPILE command and the ENCRYPT option.

The report designer is always the easiest. If you let the user modify
reports try this in your EXE: Open the report designer, right click to open
the data environment, right click to add a file. Pick Other. In the file
open dialog enter the name of a VCX or SCX file that is embedded in the
EXE. The name must be in quotes. You will see the file being available in
the report data environment.

-- 
Christof


--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
---

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/CAL4QJhg=s2k7f53nyfh8uso4foskje3upatbvybdbiqrr_9...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[Stephen Russell]

I was keeping up.

"Can you elaborate on that?  Is that because of the binary storing in VCX
files?  Would that also apply to SCX files too?

My business and data logic are all in PRGs so I'm just curious at this
point (because it seems like I'm protected otherwise since you only listed
VCX)."

Combining the dbf-like container in your dll or exe is easily consumable
unless the file itself, dll or exe, is secured.

Or it is just as safe as a prg in the same dll-exe.

On Fri, Dec 2, 2016 at 1:36 PM,  wrote:

> On 2016-12-02 14:30, Stephen Russell wrote:
>
>> vcx is a different name for a dbf file which is not secure at all.
>>
>
>
> Steve,
>
> That's true, but you apparently missed the front part of this thread
> perhaps.  We're talking about securing via 1 of the 2 3rd party tools I
> mentioned earlier in the thread.  Try to keep up.  
>
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/cajidmy+uuvbhfupaoxf8ybbbgwdt7rvpd-ozt8mwaceq04j...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[mbsoftwaresolutions]

On 2016-12-02 14:30, Stephen Russell wrote:

vcx is a different name for a dbf file which is not secure at all.



Steve,

That's true, but you apparently missed the front part of this thread 
perhaps.  We're talking about securing via 1 of the 2 3rd party tools I 
mentioned earlier in the thread.  Try to keep up.  


___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/355c17e997b4a2b969c3494f004ae...@mbsoftwaresolutions.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[Stephen Russell]

vcx is a different name for a dbf file which is not secure at all.

On Fri, Dec 2, 2016 at 1:17 PM,  wrote:

> On 2016-12-02 13:54, Wollenhaupt, Christof wrote:
>
>>
>>> Can you think of any other tool preferable to use for protecting your
>>> deployed apps?
>>>
>>> Any comments on the two mentioned above?
>>>
>>>
>> As long as you are aware that none of these tools will protect code that
>> is
>> stored in a VCX, they are both good choices.
>>
>
>
> Hi Christof,
>
> Can you elaborate on that?  Is that because of the binary storing in VCX
> files?  Would that also apply to SCX files too?
>
> My business and data logic are all in PRGs so I'm just curious at this
> point (because it seems like I'm protected otherwise since you only listed
> VCX).
>
[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/CAJidMYK+UWF_DHu-JXb4D43LTP4=c1_lbhjdztko-gn-+bf...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[mbsoftwaresolutions]

On 2016-12-02 13:54, Wollenhaupt, Christof wrote:


Can you think of any other tool preferable to use for protecting your
deployed apps?

Any comments on the two mentioned above?



As long as you are aware that none of these tools will protect code 
that is

stored in a VCX, they are both good choices.



Hi Christof,

Can you elaborate on that?  Is that because of the binary storing in VCX 
files?  Would that also apply to SCX files too?


My business and data logic are all in PRGs so I'm just curious at this 
point (because it seems like I'm protected otherwise since you only 
listed VCX).


___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/c1f44a88d66ac4a4ee54ebe400b62...@mbsoftwaresolutions.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Re: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[Wollenhaupt, Christof]

>
> Can you think of any other tool preferable to use for protecting your
> deployed apps?
>
> Any comments on the two mentioned above?
>

As long as you are aware that none of these tools will protect code that is
stored in a VCX, they are both good choices.

-- 
Christof


--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
---

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/cal4qjhg_ato99jhjzwqvbk8rb_8s-gx14jouirxmra8+x-9...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[Carl Lindner]

Mike,

Long time...  So, if things have not changed, you get the 64 bit and encrypt
in your environment.  The client environment does not matter.

Years ago I researched encryption very hard and went with Software Passport.
I had some quirky problems with Win 7-32 and the developer helped resolve
them.  It hurts to see a good product fail.

Carl


-Original Message-
From: ProFox [mailto:profox-boun...@leafe.com] On Behalf Of
mbsoftwaresoluti...@mbsoftwaresolutions.com
Sent: Thursday, December 01, 2016 6:00 PM
To: ProFox Email List
Subject: RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class
from another EXE/DLL)

On 2016-12-01 11:44, Carl Lindner wrote:
> Mike,
> 
> I have been using Armadillo aka Software Passport for years.  I do not 
> know of any protection issues but my distribution to clients is 
> limited - in the couple dozen range.
> 
> When I bought, it was purchased as 32 or 64 bit.  That depended on the 
> source machine, not the target.
> 
> Carl


Thanks, Carl.  My machines are 64-bit, but I'm sure some clients out there
still have 32-bit.

[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/!&!AAAYAG5bUi4Gq6hEgJNCRZwAd1milwAAEPVTasDJjFlBqU/BP9Ls3qMBAA==@bdos.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[mbsoftwaresolutions]

On 2016-12-01 11:44, Carl Lindner wrote:

Mike,

I have been using Armadillo aka Software Passport for years.  I do not 
know
of any protection issues but my distribution to clients is limited - in 
the

couple dozen range.

When I bought, it was purchased as 32 or 64 bit.  That depended on the
source machine, not the target.

Carl



Thanks, Carl.  My machines are 64-bit, but I'm sure some clients out 
there still have 32-bit.


___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/b6dab7e3b81d4dad5a9497c15016a...@mbsoftwaresolutions.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

RE: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from another EXE/DLL)

[Carl Lindner]

Mike,

I have been using Armadillo aka Software Passport for years.  I do not know
of any protection issues but my distribution to clients is limited - in the
couple dozen range.

When I bought, it was purchased as 32 or 64 bit.  That depended on the
source machine, not the target.

Carl

-Original Message-
From: ProFox [mailto:profox-boun...@leafe.com] On Behalf Of
mbsoftwaresoluti...@mbsoftwaresolutions.com
Sent: 12/01/2016 10:59 AM
To: ProFox
Subject: PROTECTING YOUR DISTRIBUTED CODE (was Re: Using a common class from
another EXE/DLL)

On 2016-12-01 06:27, Ted Roche wrote:
> Agree. Depends on the level of security you want/need. Compiling
> encrypted is enough to deter most. Nearly all Fox EXE / DLL can be
> decrypted, so if you *really* need it secure, look to a 3rd party
> solution, or move the secure parts off the client's machine and
> require them to contact a web resource you control so they can't
> access it.


I recall somebody mentioning Armadillo to protect your EXEs in the past 
(from reverse engineering):  
http://www.freedownloadscenter.com/Programming/Registration_Tools/The_Armadi
llo_Software_Protection_System.html

ReFox also offers protection:  http://www.refox.net/-overview.html

Can you think of any other tool preferable to use for protecting your 
deployed apps?

Any comments on the two mentioned above?

tia,
--Mike


[excessive quoting removed by server]

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/!&!AAAYAAZ6acx/WBlNqEIsKHz6tc0ClgAAEPO1IYA9AOdAqlP36gi0xdUBAA==@bdos.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.