Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Hack in ADS

13 posts in Delphi Last posting was on 2003-09-15 21:31:29.0Z
Chris Posted on 2003-09-02 13:00:11.0Z
From: "Chris" <cleong28@attbi.com>
Newsgroups: advantage.delphi
Subject: Hack in ADS
Date: Tue, 2 Sep 2003 09:00:11 -0400
Lines: 22
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
NNTP-Posting-Host: 68.163.98.78
Message-ID: <3f549484@solutions.advantagedatabase.com>
X-Trace: 2 Sep 2003 07:00:52 -0700, 68.163.98.78
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!68.163.98.78
Xref: solutions.advantagedatabase.com Advantage.Delphi:13830
Article PK: 1107266

Hi All,
I was curious about the security of ADS 6.2 (or any version), so I download
a hex editor and used it to look into my .exes. What I found scared me. In
every .exe, you can find the system administrator's username=adssys and
passwordword if you want to get into the DD. This has serious implication
for commercial software as it allows people to easily "steal" your software.
We use couple control files (.adt) to store important info such as serial
number and server access type (LOCAL,REMOTE, or INTERNET) and EVAL or
PRODUCTION version. This makes our programs vunerable because they can be
changed these easily.
I'm curious about how some of you handle this issue?
If I encrypt my tables by checking the encrypt tables checkbox in ARC32, do
I also have to call AdsEnableEncryption(mypassword) programmatically to
activate encryption for the table? I tried it without calling
AdsEnableEncryption and I can see most of the data un-encrypted using the
hex editor. I'm not sure if I'll get a program error if I call
AdsEnableEncryption as the program checks some of these fields from time to
time.
Thanks for any suggestions.
Chris


Gene Weinbeck Posted on 2003-09-02 13:54:45.0Z
From: Gene Weinbeck <genex_a_t_FundRaiserSoftware.com>
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
Date: Tue, 02 Sep 2003 08:54:45 -0500
Organization: FundRaiser Software
Message-ID: <e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com>
References: <3f549484@solutions.advantagedatabase.com>
X-Newsreader: Forte Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: 69.29.39.118
X-Trace: 2 Sep 2003 07:58:35 -0700, 69.29.39.118
Lines: 21
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!69.29.39.118
Xref: solutions.advantagedatabase.com Advantage.Delphi:13832
Article PK: 1107267


on Tue, 2 Sep 2003 09:00:11 -0400, "Chris" <cleong28@attbi.com> wrote:

>In every .exe, you can find the system administrator's username=adssys and
>password

I presume that you have entered those into the properties of the
ADSConnection component. Better is to assign the password
programmatically.

What I do for the AdsSys password is to "build" it from individual
characters returned from oddly named functions scattered around the
app, then set the password equal to that built string. I have no idea
how secure that is, but it seems a reasonable obstacle. Maybe someone
here knows of a better way to handle this.

I store non-Administrative usernames and passwords in an encrypted ADT
file.

Gene Weinbeck
FundRaiser Software
genex at FundRaiserSoftware.com


Chris Posted on 2003-09-02 15:56:47.0Z
From: "Chris" <cleong28@attbi.com>
Newsgroups: advantage.delphi
References: <3f549484@solutions.advantagedatabase.com> <e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com>
Subject: Re: Hack in ADS
Date: Tue, 2 Sep 2003 11:56:47 -0400
Lines: 36
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
NNTP-Posting-Host: 68.163.98.78
Message-ID: <3f54bdf7@solutions.advantagedatabase.com>
X-Trace: 2 Sep 2003 09:57:43 -0700, 68.163.98.78
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!68.163.98.78
Xref: solutions.advantagedatabase.com Advantage.Delphi:13839
Article PK: 1107274

Hi Gene,
At first, I entered them into the properties of the ADSConnection VCL. After
I realized the danger, I removed them and entered them programmatically.
Somehow, I can't get rid of them. I tried to find them in the .dfm file of
my D5 forms, but couldn't find anything. Rebuilding the entire app and
recompiling didn't do a thing. Is it possible that it loads them from the
environment?
Chris

"Gene Weinbeck" <genex_a_t_FundRaiserSoftware.com> wrote in message
news:e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com...
> on Tue, 2 Sep 2003 09:00:11 -0400, "Chris" <cleong28@attbi.com> wrote:
>
> >In every .exe, you can find the system administrator's username=adssys
and
> >password
>
> I presume that you have entered those into the properties of the
> ADSConnection component. Better is to assign the password
> programmatically.
>
> What I do for the AdsSys password is to "build" it from individual
> characters returned from oddly named functions scattered around the
> app, then set the password equal to that built string. I have no idea
> how secure that is, but it seems a reasonable obstacle. Maybe someone
> here knows of a better way to handle this.
>
> I store non-Administrative usernames and passwords in an encrypted ADT
> file.
>
> Gene Weinbeck
> FundRaiser Software
> genex at FundRaiserSoftware.com


Jeffrey A. Wormsley Posted on 2003-09-02 20:52:40.0Z
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
From: "Jeffrey A. Wormsley" <jwormsley@nospam.debitek.com>
References: <3f549484@solutions.advantagedatabase.com> <e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com> <3f54bdf7@solutions.advantagedatabase.com>
Message-ID: <Xns93EAA148A70F7jwormsleyatdebitekdo@198.60.237.56>
User-Agent: Xnews/06.01.10
NNTP-Posting-Host: 68.152.88.12
Date: 2 Sep 2003 13:52:40 -0700
X-Trace: 2 Sep 2003 13:52:40 -0700, 68.152.88.12
Lines: 12
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!68.152.88.12
Xref: solutions.advantagedatabase.com Advantage.Delphi:13842
Article PK: 1107277

"Chris" <cleong28@attbi.com> wrote in
news:3f54bdf7@solutions.advantagedatabase.com:

> Somehow, I can't get rid of them. I tried to find them in the .dfm
> file of my D5 forms, but couldn't find anything. Rebuilding the entire
> app and recompiling didn't do a thing. Is it possible that it loads
> them from the environment?
>

If the DCU hasn't changed, it will be there. Try deleting the DCU's.

Jeff.


Gene Weinbeck Posted on 2003-09-02 20:05:12.0Z
From: Gene Weinbeck <genex_a_t_FundRaiserSoftware.com>
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
Date: Tue, 02 Sep 2003 15:05:12 -0500
Organization: FundRaiser Software
Message-ID: <prt9lv0kue0srk4vfdtv9lipkk90v12hud@4ax.com>
References: <3f549484@solutions.advantagedatabase.com> <e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com> <3f54bdf7@solutions.advantagedatabase.com>
X-Newsreader: Forte Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: 69.29.39.118
X-Trace: 2 Sep 2003 14:09:17 -0700, 69.29.39.118
Lines: 17
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!69.29.39.118
Xref: solutions.advantagedatabase.com Advantage.Delphi:13843
Article PK: 1107279


on Tue, 2 Sep 2003 11:56:47 -0400, "Chris" <cleong28@attbi.com> wrote:

>Rebuilding the entire app and
>recompiling didn't do a thing. Is it possible that it loads them from the
>environment?

I don't know about that. Maybe someone from Advantage can answer
that.

What I would do is use an external editor (like MultiEdit, or even
Windows Search) to search for "AdsSys" in the dfm files to see where
it is showing up. I expect there is another occurrence of that
component somewhere.

Gene Weinbeck
FundRaiser Software
genex at FundRaiserSoftware.com


Jeremy D. Mullin Posted on 2003-09-03 14:49:41.0Z
From: Jeremy D. Mullin <jeremym@extendsys.com>
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
Date: Wed, 3 Sep 2003 08:49:41 -0600
Message-ID: <MPG.19bfad7479aac74c989b86@solutions.advantagedatabase.com>
References: <3f549484@solutions.advantagedatabase.com> <e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com> <3f54bdf7@solutions.advantagedatabase.com>
Organization: ESI
X-Newsreader: MicroPlanet Gravity v2.30
NNTP-Posting-Host: 198.60.232.45
X-Trace: 3 Sep 2003 08:49:04 -0700, 198.60.232.45
Lines: 18
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!198.60.232.45
Xref: solutions.advantagedatabase.com Advantage.Delphi:13853
Article PK: 1107290

In article <3f54bdf7@solutions.advantagedatabase.com>, cleong28
@attbi.com says...

> Is it possible that it loads them from the
> environment?

I'm not sure what you mean here, but the ADS components don't pull
anything from the environment, if that helps at all.

I'm sure you have a string literal either in a .dfm or a .pas somewhere.
If your .dfm files are stored as text you can just grep your entire
application directory. Something like:

grep -I mypassword *.*

It will ignore the binary files in the directory.

J.D. Mullin
Advantage R&D


Chris Posted on 2003-09-04 14:22:52.0Z
From: "Chris" <cleong28@attbi.com>
Newsgroups: advantage.delphi
References: <3f549484@solutions.advantagedatabase.com> <e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com> <3f54bdf7@solutions.advantagedatabase.com> <MPG.19bfad7479aac74c989b86@solutions.advantagedatabase.com>
Subject: Re: Hack in ADS
Date: Thu, 4 Sep 2003 10:22:52 -0400
Lines: 27
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
NNTP-Posting-Host: 68.163.97.139
Message-ID: <3f574af6@solutions.advantagedatabase.com>
X-Trace: 4 Sep 2003 08:23:50 -0700, 68.163.97.139
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!68.163.97.139
Xref: solutions.advantagedatabase.com Advantage.Delphi:13872
Article PK: 1107311

I'm a bit confused. What does grep do?
Thanks.
Chris

"Jeremy D. Mullin" <jeremym@extendsys.com> wrote in message
news:MPG.19bfad7479aac74c989b86@solutions.advantagedatabase.com...
> In article <3f54bdf7@solutions.advantagedatabase.com>, cleong28
> @attbi.com says...
> > Is it possible that it loads them from the
> > environment?
>
> I'm not sure what you mean here, but the ADS components don't pull
> anything from the environment, if that helps at all.
>
> I'm sure you have a string literal either in a .dfm or a .pas somewhere.
> If your .dfm files are stored as text you can just grep your entire
> application directory. Something like:
>
> grep -I mypassword *.*
>
> It will ignore the binary files in the directory.
>
> J.D. Mullin
> Advantage R&D


Jeremy D. Mullin Posted on 2003-09-05 13:40:03.0Z
From: Jeremy D. Mullin <jeremym@extendsys.com>
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
Date: Fri, 5 Sep 2003 07:40:03 -0600
Message-ID: <MPG.19c24022aeaf6426989b8c@solutions.advantagedatabase.com>
References: <3f549484@solutions.advantagedatabase.com> <e779lv82devkjmo9v0l2aa8vtsul9g614c@4ax.com> <3f54bdf7@solutions.advantagedatabase.com> <MPG.19bfad7479aac74c989b86@solutions.advantagedatabase.com> <3f574af6@solutions.advantagedatabase.com>
Organization: ESI
X-Newsreader: MicroPlanet Gravity v2.30
NNTP-Posting-Host: 198.60.232.45
X-Trace: 5 Sep 2003 07:39:55 -0700, 198.60.232.45
Lines: 5
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!198.60.232.45
Xref: solutions.advantagedatabase.com Advantage.Delphi:13887
Article PK: 1107326

In article <3f574af6@solutions.advantagedatabase.com>, cleong28
@attbi.com says...
> I'm a bit confused. What does grep do?

It's a utility. Do a web search and read about it.


Jeremy D. Mullin Posted on 2003-09-02 14:30:21.0Z
From: Jeremy D. Mullin <jeremym@extendsys.com>
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
Date: Tue, 2 Sep 2003 08:30:21 -0600
Message-ID: <MPG.19be576cdce868cd989b81@solutions.advantagedatabase.com>
References: <3f549484@solutions.advantagedatabase.com>
Organization: ESI
X-Newsreader: MicroPlanet Gravity v2.30
NNTP-Posting-Host: 198.60.232.45
X-Trace: 2 Sep 2003 08:28:57 -0700, 198.60.232.45
Lines: 46
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!198.60.232.45
Xref: solutions.advantagedatabase.com Advantage.Delphi:13836
Article PK: 1107273


> a hex editor and used it to look into my .exes. What I found scared me. In
> every .exe, you can find the system administrator's username=adssys and
> passwordword if you want to get into the DD. This has serious implication

If you put a password string literal into a property of a component at
design time then it will be put into the executable. This is mentioned
in the following note about the password property in the help file:

Note Storing hard-coded user name and password entries as property
values or in code for an OnLogin event handler can compromise server
security

I'm not sure how others have handled this issue when the password is
used internally by the application (as opposed to asking the user for a
password), but I know there are many ways to accomplish this task. Some
google newsgroup searches will probably turn up quite a few methods.

Best of Luck,
J.D. Mullin
Advantage R&D

In article <3f549484@solutions.advantagedatabase.com>, cleong28
@attbi.com says...
> Hi All,
> I was curious about the security of ADS 6.2 (or any version), so I download
> a hex editor and used it to look into my .exes. What I found scared me. In
> every .exe, you can find the system administrator's username=adssys and
> passwordword if you want to get into the DD. This has serious implication
> for commercial software as it allows people to easily "steal" your software.
> We use couple control files (.adt) to store important info such as serial
> number and server access type (LOCAL,REMOTE, or INTERNET) and EVAL or
> PRODUCTION version. This makes our programs vunerable because they can be
> changed these easily.
> I'm curious about how some of you handle this issue?
> If I encrypt my tables by checking the encrypt tables checkbox in ARC32, do
> I also have to call AdsEnableEncryption(mypassword) programmatically to
> activate encryption for the table? I tried it without calling
> AdsEnableEncryption and I can see most of the data un-encrypted using the
> hex editor. I'm not sure if I'll get a program error if I call
> AdsEnableEncryption as the program checks some of these fields from time to
> time.
> Thanks for any suggestions.
> Chris
>
>
>


Udo Nesshoever Posted on 2003-09-05 09:56:41.0Z
Message-ID: <bj9tlr.an.2@nesshoever.net>
From: "Udo Nesshoever" <newsgroup.reply.4@gmx.net>
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
Date: Fri, 05 Sep 2003 11:56:41 +0200
References: <3f549484@solutions.advantagedatabase.com> <MPG.19be576cdce868cd989b81@solutions.advantagedatabase.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 15
NNTP-Posting-Host: 62.225.210.25
X-Trace: 5 Sep 2003 04:05:04 -0700, 62.225.210.25
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!62.225.210.25
Xref: solutions.advantagedatabase.com Advantage.Delphi:13881
Article PK: 1107318


On Tue, 2 Sep 2003 08:30:21 -0600 Jeremy D. Mullin wrote:

>I'm not sure how others have handled this issue when the password is
>used internally by the application (as opposed to asking the user for a
>password), but I know there are many ways to accomplish this task. Some
>google newsgroup searches will probably turn up quite a few methods.

I'm using preencrypted strings and decrypt them while running the
program. That doesn't "remove" the password but it criples it at least
enough to hide it from simple hex-edit-search-for-password-crackers.
I also use a passphrase to decrypt that itself is encrypted. I guess
it's still crackable but with much more effort.

Cheers,
Udo


Joachim Duerr (ADS Support) Posted on 2003-09-03 08:58:00.0Z
From: "Joachim Duerr (ADS Support)" <jojo.duerr@gmx.de>
Subject: Re: Hack in ADS
Newsgroups: Advantage.Delphi
References: <3f549484@solutions.advantagedatabase.com>
Organization: Extended Systems GmbH
User-Agent: XanaNews/1.15.6.2
X-Face: ,QMv7[luB)BpWAQ~:"kw6n%0ieY63.:g2K3n~8ky0;||5Xle*Xq+=~<Fy:0CVC2nx@8~vZ
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
NNTP-Posting-Host: 195.2.185.25
Message-ID: <3f559f08@solutions.advantagedatabase.com>
Date: 3 Sep 2003 01:58:00 -0700
X-Trace: 3 Sep 2003 01:58:00 -0700, 195.2.185.25
Lines: 17
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!195.2.185.25
Xref: solutions.advantagedatabase.com Advantage.Delphi:13848
Article PK: 1107285


Chris wrote in <3f549484@solutions.advantagedatabase.com> :

> If I encrypt my tables by checking the encrypt tables checkbox in
> ARC32, do I also have to call AdsEnableEncryption(mypassword)
> programmatically to activate encryption for the table?

No.
If you check the encrypted flag, you have to encrypt all the tables in
the dictionary itself (e.g. using Architect).
AdsEnableEncryption is only used for free tables.

--
Joachim Duerr
Lead ADS Support, Extended Systems GmbH, Germany
advantage[AT]extendsys.de
- posted with Xananews 1.15.6.2 -
!!! ADS 7 Beta now available !!!


Jeremy D. Mullin Posted on 2003-09-12 21:00:53.0Z
From: Jeremy D. Mullin <jeremym@extendsys.com>
Newsgroups: advantage.delphi
Subject: Re: Hack in ADS
Date: Fri, 12 Sep 2003 15:00:53 -0600
Message-ID: <MPG.19cbe1f0a9bd40f7989b91@solutions.advantagedatabase.com>
References: <3f549484@solutions.advantagedatabase.com>
Organization: ESI
X-Newsreader: MicroPlanet Gravity v2.30
NNTP-Posting-Host: 198.60.232.45
X-Trace: 12 Sep 2003 14:58:57 -0700, 198.60.232.45
Lines: 58
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!198.60.232.45
Xref: solutions.advantagedatabase.com Advantage.Delphi:13942
Article PK: 1107377

Chris,

I think I found out how this can happen. Currently (6.2) if you make a
connection at design-time from the ide, the TAdsConnection component
will take the password and populate the TAdsConnection.Password property
with it. If you then save the form the password will be saved in the
form, and eventually in the exe once you build it.
I have fixed this for the 7.0 release.

J.D. Mullin
Advantage R&D

PS - If you want to change this for a pre-7.0 build, change the
following lines in adscnnct.pas, TAdsConnection.GetAdsConnection:


FUsername := strUserName;
FPassword := strPasswd;


to this:


FUsername := strUserName;
if not ( csDesigning in ComponentState ) then
FPassword := strPasswd;


Then open adsd?0.dpk and rebuild it. Then open adsd?0d.dpk and rebuild
it too.



In article <3f549484@solutions.advantagedatabase.com>, cleong28
@attbi.com says...

> Hi All,
> I was curious about the security of ADS 6.2 (or any version), so I download
> a hex editor and used it to look into my .exes. What I found scared me. In
> every .exe, you can find the system administrator's username=adssys and
> passwordword if you want to get into the DD. This has serious implication
> for commercial software as it allows people to easily "steal" your software.
> We use couple control files (.adt) to store important info such as serial
> number and server access type (LOCAL,REMOTE, or INTERNET) and EVAL or
> PRODUCTION version. This makes our programs vunerable because they can be
> changed these easily.
> I'm curious about how some of you handle this issue?
> If I encrypt my tables by checking the encrypt tables checkbox in ARC32, do
> I also have to call AdsEnableEncryption(mypassword) programmatically to
> activate encryption for the table? I tried it without calling
> AdsEnableEncryption and I can see most of the data un-encrypted using the
> hex editor. I'm not sure if I'll get a program error if I call
> AdsEnableEncryption as the program checks some of these fields from time to
> time.
> Thanks for any suggestions.
> Chris
>
>
>


Chris Posted on 2003-09-15 21:31:29.0Z
From: "Chris" <cleong28@attbi.com>
Newsgroups: advantage.delphi
References: <3f549484@solutions.advantagedatabase.com> <MPG.19cbe1f0a9bd40f7989b91@solutions.advantagedatabase.com>
Subject: Re: Hack in ADS
Date: Mon, 15 Sep 2003 17:31:29 -0400
Lines: 74
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
NNTP-Posting-Host: 68.163.108.153
Message-ID: <3f662ff2@solutions.advantagedatabase.com>
X-Trace: 15 Sep 2003 15:32:34 -0700, 68.163.108.153
Path: solutions.advantagedatabase.com!solutions.advantagedatabase.com!68.163.108.153
Xref: solutions.advantagedatabase.com Advantage.Delphi:13954
Article PK: 1107390

Thanks. It's good to know that.
Chris

"Jeremy D. Mullin" <jeremym@extendsys.com> wrote in message
news:MPG.19cbe1f0a9bd40f7989b91@solutions.advantagedatabase.com...
> Chris,
>
> I think I found out how this can happen. Currently (6.2) if you make a
> connection at design-time from the ide, the TAdsConnection component
> will take the password and populate the TAdsConnection.Password property
> with it. If you then save the form the password will be saved in the
> form, and eventually in the exe once you build it.
> I have fixed this for the 7.0 release.
>
> J.D. Mullin
> Advantage R&D
>
> PS - If you want to change this for a pre-7.0 build, change the
> following lines in adscnnct.pas, TAdsConnection.GetAdsConnection:
>
>
> FUsername := strUserName;
> FPassword := strPasswd;
>
>
> to this:
>
>
> FUsername := strUserName;
> if not ( csDesigning in ComponentState ) then
> FPassword := strPasswd;
>
>
> Then open adsd?0.dpk and rebuild it. Then open adsd?0d.dpk and rebuild
> it too.
>
>
>
> In article <3f549484@solutions.advantagedatabase.com>, cleong28
> @attbi.com says...
> > Hi All,
> > I was curious about the security of ADS 6.2 (or any version), so I
download
> > a hex editor and used it to look into my .exes. What I found scared me.
In
> > every .exe, you can find the system administrator's username=adssys and
> > passwordword if you want to get into the DD. This has serious
implication
> > for commercial software as it allows people to easily "steal" your
software.
> > We use couple control files (.adt) to store important info such as
serial
> > number and server access type (LOCAL,REMOTE, or INTERNET) and EVAL or
> > PRODUCTION version. This makes our programs vunerable because they can
be
> > changed these easily.
> > I'm curious about how some of you handle this issue?
> > If I encrypt my tables by checking the encrypt tables checkbox in ARC32,
do
> > I also have to call AdsEnableEncryption(mypassword) programmatically to
> > activate encryption for the table? I tried it without calling
> > AdsEnableEncryption and I can see most of the data un-encrypted using
the
> > hex editor. I'm not sure if I'll get a program error if I call
> > AdsEnableEncryption as the program checks some of these fields from time
to
> > time.
> > Thanks for any suggestions.
> > Chris
> >
> >
> >