Internal security of Rev?

John Tregea john at debraneys.com
Wed Jul 12 01:34:40 EDT 2006 

Hi Jim,

Remind me never to play poker with you... :-)

Thanks very much, I was leaning towards breaking things up into chunks 
and hiding them in places, but thought the script would allow a 
knowledgeable hacker to reverse my process to easily.

I will explore further (but quickly before my trial expires)

John

Jim Ault wrote:
> You could make a small bit compress/decompress routine which would give you
> less transparency. 
>
> Perhaps using BinaryEncode/BinaryDecode in the Rev lib.  Multiple variables
> in one call, very fast.  Fancier would be two levels of encoding.
>
> You could also INTERLACE the chars of a variable between two or more custom
> properties
>
> on doInterLace  textBlock --between 2 custom properties
>   put 1 into flag  --actually, any number will do
>   repeat for each char CH in textBlock
>     put flag*-1 into flag
>     put CH after tempArr[flag]
>   end repeat
>   set the custompropertyset of this stack to "lkupTA"
>   set the customproperties of this stack to tempArr
> end doInterLace
>
> And now you have interlaced chars (even cr's and nulls) in one propertyset
> in two custom properties [1] and [-1].  Let them read THAT with their
> morning coffee.
>
> Extra subterfuge...  build the above script at runtime so it isn't even in
> the file.... this is a 9-liner and you are allowed 10.
>
> build the script
> set the script of btn eraser to myScript
> insert the script of btn eraser into back
>
> doInterlace textBlock
>
> Of course you would not want to call it 'interlace'...  perhaps sunflower,
> or getIntOfLastItem.
>
> Jim Ault
> Las Vegas
>
> On 7/11/06 7:42 PM, "Troy Rollins" <troy_lists at rpsystems.net> wrote:
>
>   
>> On Jul 11, 2006, at 9:49 PM, John Tregea wrote:
>>
>>     
>>> Our application will be used to front end a database that contains
>>> classified information, the initial login account details would
>>> have to be stored in the Rev application (inside custom properties
>>>       
>> IIRC, a couple of years back I planned to use custom properties for
>> this sort of thing. As I remember it, that had to be ditched because
>> custom properties ended up as plain text, easily readable by dropping
>> the stack file on a text editor. I think we pulled the properties
>> into script and populated them at runtime, which gave a marginally
>> more secure feeling.
>>
>> To this day I still don't know of a very good way to handle this in
>> Rev produced apps. I'm all ears.
>>
>> --
>> Troy
>> RPSystems, Ltd.
>> http://www.rpsystems.net
>>
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription
>> preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>     
>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>
>

More information about the use-livecode mailing list