Internal security of Rev?
John Tregea
john at debraneys.com
Tue Jul 11 22:56:37 EDT 2006
Thanks Chipp and Troy,
I have looked at the encryption that is built into Rev and it seems very
robust in terms of encrypting data. But I have to save the bit length,
encryption type and key string (128 byte character string) inside rev to
be able to un-encrypt the data coming back from the database. I have
base64encoded them in my trials (and stuck them in custom properties)
but know that the syntax in the scripts spells out where to get the info
and how to decode it.
Like putting a big padlock on the door with a note stuck to it saying
"the key is under the mat".
John
Troy Rollins wrote:
>
> On Jul 11, 2006, at 9:49 PM, John Tregea wrote:
>
>> Our application will be used to front end a database that contains
>> classified information, the initial login account details would have
>> to be stored in the Rev application (inside custom properties
>
> IIRC, a couple of years back I planned to use custom properties for
> this sort of thing. As I remember it, that had to be ditched because
> custom properties ended up as plain text, easily readable by dropping
> the stack file on a text editor. I think we pulled the properties into
> script and populated them at runtime, which gave a marginally more
> secure feeling.
>
> To this day I still don't know of a very good way to handle this in
> Rev produced apps. I'm all ears.
>
> --
> Troy
> RPSystems, Ltd.
> http://www.rpsystems.net
>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>
More information about the use-livecode
mailing list