encrypted stacks

[DVGlasgow at aol.com]

Thanks to those who offered previous posts on using encrypted stacks.  I feel 
slightly foolish posting, particularly in light of the learned encryption 
posts we have had lately.  

Anyhow, i stumbled accidentally on an AHA! that might help those just 
starting to think about these things.

I thought that you *had* to use Passkey to decrypt an encrypted stack 
whenever you wanted to use it.  OK, the docs don't say this, but it is the normal way 
password protecting works, and the docs don't say it isn't like this.  

So my scripts all had passkey in until I forgot I had commented one out and 
the 'get' command still worked.  Now I might have expected that of the dev 
environment, but it was a surprise in a standalone.  It looks to me as though 
reading (decrypted data) from an encrypted stack is automatic.  You don't even 
seem to need the password to change the contents of a field in an encrypted stack 
in the dev environment.  Double click the encrypted stack, type what you 
want, save and close.  This was even more of a surprise.

However, it is marvelous for me, because I can just paste lists of authorised 
users into an encrypted users stack, burn to CD, and  the standalone will 
personalise itself on startup, no passwords, no nothing.  Just a get and a put.  

Most of my anticipated users are likely to be either honest or not IT 
literate enough to try to add or replace authorised users.  The few that might try 
will use a text editor and get rubbish.  Aside from  the possibilty that someone 
might download  Rev  and then discover they can then do what they want, are 
there any other ways sneaky users might get round this system?


Best wishes,

David Glasgow
Home/ forensic assessments --> <A HREF="http://members.aol.com/dvglasgow/">
DVGlasgow </A>
Courses --> <A HREF="http://www.i-Psych.co.uk">i-Psych</A>