'hack' test results

JohnRule at aol.com JohnRule at aol.com
Sat Apr 20 12:27:01 EDT 2002


> The only data they should be seeing is the data I want
> to show to them.  Other data is all in hidden fields.
> Could you be more verbose?


I just did another 'hack' test...with MCRipper this time:

http://www.inspiredlogic.com/mc/ripper.html

It cannot 'rip' password protected stacks (at least I couldn't get it to) so 
that is a relief.

MCRipper will 'rip' invisible objects (including any text or scripts) even if 
the stack is password protected. So the conclusion...any information in text 
fields (even hidden fields) is not totally safe.

Solution:
  Load the information from the field into a variable...then delete the text 
from the field. You are still susceptable to any 'prying' if you give the 
users the capability to load any stack (i.e. I could load a stack that 
searches all variables). You may have to go so far as to binaryConvert your 
data to/from the variable, and even further encryption for 110% protection 
(maybe break the data into pieces, and put it into multiple variables). I 
wish we didn't have to worry about this...it kind of kills the 'creative' 
juices.

MCRipper looks like a useful tool actually (I think the authors intentions 
are honest)...nice work! 

I wonder if I can 'rip' MCRipper...hmmm.


JR



More information about the use-livecode mailing list