Database Encryption Key
Bob Sneidar
bobs at twft.com
Fri May 6 14:52:19 EDT 2011
Hi Warren.
Someone pointed out in the last thread on the subject, that at a certain point, you are going to be in the same boat as any other developer. If someone wants in and they have the will and technology to do it, there isn't much you can do to absolutely prevent it.
It's my understanding that the key used to encrypt a stack or database is not kept in clear text in the stack itself (unless you put it there). In the process of getting the key from the user of course, there is that moment in time where it can be had, but how? Keyloggers? Hidden cameras? Janitor with photographic memory looking over the shoulder? Bribe or otherwise coerce someone who knows it into revealing it?
The nature of the data is going to dictate how valid or absurd those methods are. So as you are doing, the best you can do is your due diligence, and after that the chips will fall where they may. As I recall, the Nazis thought enigma was uncrackable, and we know how that went.
Bob
On May 6, 2011, at 11:38 AM, Warren Kuhl wrote:
> Chris,
>
> Yes...that would be a concern. I am just trying to do my best (or make it
> harder) for someone to hack my application and decrypt my database if the
> key is easily accessible.
>
> Warren
More information about the use-livecode
mailing list