1. Avory Rose Pastoral
  2. PowerBuilder
  3. Thursday, 23 May 2024 08:24 AM UTC

Hi Everyone,

 

I have an existing PB 2019 project that needs encryption and decryption of an INI file (the INI file contains database credentials). I don't have any idea how I'm going to do that, so any help or suggestions would be very much appreciated.

Please help. Thank you.

Miguel Leeuwe
  1. Thursday, 23 May 2024 14:31 PM UTC
  2. PowerBuilder
  3. # 1

Maybe I'm ignorant, but ...

How would encryption prevent anyone who can read your ini file from still being able to connect by simply using the same encrypted values for user and password?

regards

Comment
  1. Roland Smith
  2. Tuesday, 4 June 2024 12:58 PM UTC
My point was that if the uid/pwd are encrypted in an ini file, a hacker that got into the computer could run the app and it would decrypt the uid/pwd and login successfully.
  1. Roland Smith
  2. Tuesday, 4 June 2024 16:54 PM UTC
The user should be required to enter the userid & password. Whether the values are encrypted in a file or within the program code, a hacker will be able to run the app if not prompted for the credentials.
  1. Chris Pollach @Appeon
  2. Tuesday, 4 June 2024 17:09 PM UTC
That is why I would use placeholders for that, like "<UserID>" and "<PassWord>" values. Then substitute the real values at App runtime that would then be encrypted in the TO using =>random<= encryption methods EVERY TIME a TO is instantiated (which the STD framework does automatically). ;-)
Roland Smith
  1. Thursday, 23 May 2024 13:25 PM UTC
  2. PowerBuilder
  3. # 2

The ini file setting would look something like this:

DBPassword=h+ip7OhzSaBK1TmcOo3bMWRJYWyuc6CqcPYBWb7Mkkw=

The CrypterObject encryption functions produce a blob so if your app is updating the ini file password, you need to use CoderObject to convert it into a Base64 string. To decode the string, you would use CoderObject to convert the Base64 string back to a blob and feed that into CrypterObject to get the unencrypted password.

If you are worried about spy software reading app memory, do the conversion in local variables so that the unencrypted value doesn't hang around in memory. Then blank out sqlca properties after the connection is made.
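The round trip described in this answer, as an added example that is not part of the original post or the poster's own code. The file name `app.ini`, the `[Database]` section, the key and IV values, and the use of `SQLCA.DBPass` are assumptions for illustration:

```powerscript
// Added example, not code from this thread.
// Assumptions: app.ini, the [Database] section and the key/IV values below are
// placeholders; load the real key and IV from wherever your app protects them.
CrypterObject lnv_crypter
CoderObject   lnv_coder
Blob    lblb_key, lblb_iv, lblb_cipher, lblb_plain
String  ls_ini = "app.ini", ls_b64, ls_pwd
Integer li_rc

lnv_crypter = Create CrypterObject
lnv_coder   = Create CoderObject

// AES needs a 16, 24 or 32 byte key and a 16 byte IV (constructed sample values)
lblb_key = Blob("SampleKey1234567", EncodingANSI!)
lblb_iv  = Blob("SampleIV 1234567", EncodingANSI!)

// --- Writing: password -> encrypted blob -> Base64 string -> ini file
ls_pwd = "constructed-sample-password"
lblb_cipher = lnv_crypter.SymmetricEncrypt(AES!, Blob(ls_pwd, EncodingUTF8!), &
   lblb_key, OperationModeCBC!, lblb_iv, PKCSPadding!)
ls_b64 = lnv_coder.Base64Encode(lblb_cipher)
li_rc = SetProfileString(ls_ini, "Database", "DBPassword", ls_b64)
If li_rc <> 1 Then MessageBox("INI", "Could not write DBPassword")

// --- Reading: ini file -> Base64 string -> encrypted blob -> password
ls_b64 = ProfileString(ls_ini, "Database", "DBPassword", "")
If ls_b64 = "" Then
   MessageBox("INI", "DBPassword is missing")
Else
   lblb_cipher = lnv_coder.Base64Decode(ls_b64)
   lblb_plain  = lnv_crypter.SymmetricDecrypt(AES!, lblb_cipher, lblb_key, &
      OperationModeCBC!, lblb_iv, PKCSPadding!)
   // Hand the clear text straight to the transaction object
   // (DBPass is assumed here; some database interfaces use LogPass instead)
   SQLCA.DBPass = String(lblb_plain, EncodingUTF8!)
   Connect Using SQLCA;
   // Drop the clear-text copies once the connection attempt is done
   SQLCA.DBPass = ""
   SetNull(lblb_plain)
End If
ls_pwd = ""
Destroy lnv_crypter
Destroy lnv_coder
```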

Chris Pollach @Appeon
  1. Thursday, 23 May 2024 12:06 PM UTC
  2. PowerBuilder
  3. # 3

Hi Avory;

  My STD Framework does that as a standard feature. It also decrypts / encrypts the Transaction Object in memory automatically during a "Connect;". It now has a separate App too for managing & changing the INI values for different environments (ie: QA, IT, UAT, Prod, etc.). The feature also allows a unique encryption / decryption key by App.

FYI: https://chrispollach.blogspot.com/2024/05/2024r2.html

  The framework is free & open source. So feel free to either use it "as is" or assimilate the code that you need if you find a feature interesting. HTH 

Regards ... Chris

Comment
  1. Roland Smith
  2. Wednesday, 29 May 2024 01:49 AM UTC
My examples come in 10.5 and 12.6 versions. Open the 12.6 version in 2019 and it will migrate and work fine.
  1. Avory Rose Pastoral
  2. Monday, 3 June 2024 07:44 AM UTC
Hello Roland, I have a .Net DLL. Do you happen to know how to import the .Net DLL to PB 12.5 classic? Thank you.
  1. Roland Smith
  2. Tuesday, 4 June 2024 12:56 PM UTC
12.5 can only use OLE to call .Net functions.
Andreas Mykonios
  1. Thursday, 23 May 2024 11:54 AM UTC
  2. PowerBuilder
  3. # 4

Hi.

For encryption, you will have to use the CrypterObject object. Documentation for:

PB 2019 R3 -> CrypterObject object - Objects and Controls (appeon.com)

PB 2019 R2 -> CrypterObject object - Objects and Controls (appeon.com)

PB 2019 -> CrypterObject object - Objects and Controls (appeon.com)

Do you want to encrypt all the information included in the ini, or some specific values?

Have you thought about what the encryption key should be? Do you want the encryption to be for each computer, each user or both? Those are some of the questions you should answer. At this point your question is too generic.

Andreas.

Comment
  1. Miguel Leeuwe
  2. Monday, 3 June 2024 10:24 AM UTC
Hmm, how to create a COM wrapper if you don't have the source code?
  1. Andreas Mykonios
  2. Monday, 3 June 2024 11:38 AM UTC
You can create a class that references an assembly and make your class and some of its methods COM visible.

Andreas.
  1. Avory Rose Pastoral
  2. Tuesday, 4 June 2024 05:01 AM UTC
I don't have the source code. All I have is the DLL.