[fpc-pascal] Resource strings, passwords etc.
Lukasz Sokol
el.es.cr at gmail.com
Wed Jul 13 10:03:48 CEST 2016
On 13/07/16 08:31, Mark Morgan Lloyd wrote:
> Michael Van Canneyt wrote:
>> On Tue, 12 Jul 2016, Mark Morgan Lloyd wrote:
>>
>>> Please excuse one of my regular silly questions. Elsewhere, a (former) Delphi programmer is uneasy having found that his binaries have had embedded SQL queries, passwords and so on visible "in clear" for the last 20 years or so.
>>>
>>> Can FPC be told to obfuscate ResourceStrings?
>>
>> No. The default value for resourcestrings is stored as-is in the binary.
>>
>> To solve this, I store the username/password encrypted in the binary as consts, and they are decrypted when needed.
>
> Sometimes it's difficult to avoid having to do that sort of thing, or obfuscating them in an external file.
>
Could it help to try doing this after linking the program binary, to build the resources and scramble them
using the program binary part checksum (or have it seed a PRNG and/or derive an encryption key / key pair from it) ?
Not that I know how ;) and whether such a thing is viable at all - or desirable (since an executable would
always have to be distributed with matching resources build). But how would that be for an idea ? ;)
el es
More information about the fpc-pascal
mailing list