Printable View
I want to save passwords in a Resource file so as to make it more secure. How do I go about it?
Also can passwords be saved in a Manifest file so as to ensure that its highly secure i.e. there shouldn't be any way by which users can tamper with the password?
I know that passwords can be saved in the Registry but I did like to avoid playing with the Registry.
I dont think you can as resource files are compiled by rc.exe then compiled again into the exe. Why not encrypt the password and save to a text file, like cookies do?
Anyone can easily delete the text file or even change the password, isn't it?
Actually right now, I am saving the password in an ADS (Alternate Data Stream) file but the problem is neither FAT nor FAT32 support ADS files; ADS files can be created only in NTFS file systems. So if it happens that a user doesn't have NTFS in his system, then he won't be allowed to create a password.
CVMichael has a good example of encryption in his sig
Let CVMichael have a good encryption example or Michael Jackson, what's the use when the encrypted file can easily be tampered with, my dear friend! & that's exactly what I have stated in English in my previous post......Quote:
CVMichael has a good example of encryption in his sig
Well resources are easy to extract from an exe, so why not just write to the exe itsself in encrytped form?
Chill.Quote:
Originally Posted by arpan_de
To be frank, all the methods listed in this thread are more or less equally secure/insecure. Your best bet is (one-way) encryption and some method of checking whether the file in which it is stored has been tampered with, such as a checksum.
Man, you have quite the attitude for someone who's asking others for help...Quote:
Originally Posted by arpan_de
No matter what, there is always a way to modify the password files or info unless it is hard-coded int the program and have found a way to stop people from patching you application.
Regardless, there is only so much you can do to prevent people screwing with your apps.
And honestly, I am surprised anyone helped you in this thread. They offer solutions and you get all snide with everyone.
Well, I am extremely sorry friends if you have found my response scornful but believe me, I didn't mean it. Maybe I should have expressed myself in a different way.
Sorry once again, mates!
Jmacp, could you please show me a small example or link me to a post which does this? I have never done anything as such.Quote:
so why not just write to the exe itsself in encrytped form?