|
Keep stored password in a file?
Hi,
I want my program has password confirmation to open a menu. The admin of the PC can set the password. Everyone have to enter password to open that menu. Admin and guest can change the password as long as they know the current password. I want to store the encrypted password in a key file. What happen if guest delete the key file? What happen if guest replace the key file with the original key file (contain empty password)? The effect is my program will have empty password :( I need some suggestions here about the concept / scheme about my questions. Thanks. |
AW: Keep stored password in a file?
what if you set the file's attribute to write-protected / read-only?
|
AW: Keep stored password in a file?
Hi,
let the user open the menu only if the password is not empty. Of course he can reset the password to empty, at least by a re-installation, if you deliver or first-install the software without password. I can see no protection against this, since i can install on a newly formatted partition without any history. regards Reinhard |
AW: Keep stored password in a file?
you could hide a checksum (md5, sha1 or what ever. btw. never store the real password), in the registry. if this is not secure enough, you could place the checksum on a secure server in the network.
|
AW: Keep stored password in a file?
For installation, your program do need administrator rights. The hashed or encrypted password is stored in administrators AppData and a copy of it in AllUsersData.
If the copy in AllUsersData is lost, the menu is locked, can only be restored by the administrator from admins AppData. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 11:02 Uhr. |
Powered by vBulletin® Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO © 2011, Crawlability, Inc.
Delphi-PRAXiS (c) 2002 - 2023 by Daniel R. Wolf, 2024 by Thomas Breitkreuz