|
If its for NT/2K/XP... isnt there a registry string type that will encrypt automaticly ? (Maybe it was added only starting with XP.
Just a thought.
|
|
|
|
|
darkbyte wrote:
isnt there a registry string type that will encrypt automaticly ?
I only know of:
REG_NONE
REG_SZ
REG_EXPAND_SZ
REG_BINARY
REG_DWORD
REG_DWORD_BIG_ENDIAN
REG_LINK
REG_MULTI_SZ
REG_RESOURCE_LIST
REG_FULL_RESOURCE_DESCRIPTOR
REG_RESOURCE_REQUIREMENTS_LIST
REG_QWORD
"When I was born I was so surprised that I didn't talk for a year and a half." - Gracie Allen
|
|
|
|
|
Yeah, my mistake, i was confusing myself with IIS Metabase Data Types.
|
|
|
|
|
See :
CryptProtectData()
CryptUnprotectData()
I generally build a string "<username>\n<userpass>", encrypt it, and store in a single registry key.
The weakness is that anyone able to run as the user that encrypts the data can also decrypt it.
...cmk
Save the whales - collect the whole set
|
|
|
|
|
u should be saving md5 hashes of the username and password in the registry i think
"there is no spoon" biz stuff about me
|
|
|
|
|
i face similar problem,
therw may be many solution to this problem,the solution is this.
i when ever i save the password in registry i Encrypt using RC4 encryption and when ever i need it i decrypt it and make use of it
-----------------------------
"I Think It will Work"
Formerly Known As "Alok The Programmer" at CP
-----------------------------
Alok Gupta
visit me at http://www.thisisalok.tk
|
|
|
|
|
I think it all depends on the level of protection you require on the password
You may or may not need the password to be decrypted which imposes 2 different ways of storing the data.
1) Need to decrypt
This is a weak way of storing a password because it can be decrypted but one might find this easier to handle since they can display the password after or send it by e-mail etc.
2) No need to decrypt
You store a non-decryptable version of the password or user/pass (if it applies) then when you need to validate the password, you encrypt the source data (password or user/pass) and compare versus what's found in your storage (registry). This also has the advantage that you will mostly never have the password unencrypted in process memory except for the source data which isnt guaranteed to match.
Once you decided on how you want to handle storage, you can better decide which encryption method you're going to use. Remember that each encryption system has its strengths and its weaknesses.
|
|
|
|
|
You should never save a password, even an encrypted one, especially in the registry. You should, instead, save a cryptographic hash value that results from the password, and user name if you want to be really secure.
The way this works is that different passwords and/or usernames will produce different consistant hash values and you can not reverse engineer a password and/or user name from the hash value. When a user enters a password you can compare the resulting hash value to the saved value and determine if the password is correct without ever storing the actual password in a data store. If the hash values match you can say with a high degree of certainty that the user entered the correct password.
A 160 bit hash value is currently considered to be the standard for a secure system.
MD5 produces a 128 bit hash value, which is a bit undersized by todays standards, and, additionally, has been known to contain theoretical flaws which have recently been shown to be exploitable for applications like you are describing. It is still a viable hashing algorythm for certain types of applications but not for your application.
I would recommend SHA256 at a minimum (256 bit hash value) or for extreme security SHA384 or SHA512. SHA384 or SHA512 require 64 bit arithmetic and you must be carefull if you are implementing them on a 32 bit processor due to the difference in the way numbers are stored on different architectures. Therefore, since SHA256 exceeds the current standard for security and can be implemented with 32 bit arithmetic I would recommend that you use it as your hashing algorythm.
|
|
|
|
|
So I have a lot of different C++ objects with members. Strings, ints etc.
Objects get populated from database. Used to do it using MFC ODBC classes. Then I decided to go OLE DB. Wow! So. Now instead of CRecordset we use CAccessor<> , right? To map members to fields now I have to use TCHAR or CComBSTR for strings, right?
But I'd like to keep my objects as CString or std::string . I don't want to change all my code to operate with CComBSTR and I don't want make parallel just members to transfer data from database to my members. What do I do then? Is there a way to make COLUMN_ENTRY to accept CString or std::string ? Or somehow make an automatic transfer from one global CComBSTR (that would be used to retrieve the data) to those members?
Confusing?
|
|
|
|
|
ATL has a version of CString in atlstr.h. You should be able to use this.
|
|
|
|
|
No,no,no. I need in VC 6.
|
|
|
|
|
VC6 comes with ATL...
Ryan "Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
|
|
|
|
|
But ATL in VC6 doesn't come with atlstr.h. It's in VC7.
|
|
|
|
|
|
Yeah. But how does it help?
I can get data using CComBSTR just as well.
But these macros:
<br />
BEGIN_COLUMN_MAP(CUserRowset)<br />
COLUMN_ENTRY(1, m_bstrID)<br />
COLUMN_ENTRY(2, m_bstrDescription)<br />
....<br />
END_COLUMN_MAP()<br />
for linking fields to members require members to be CComBSTR (or _bstr_t you are talking about). But my members are CString and/or std:string
and I don't want to convert the rest of my code to use BSTRs.
|
|
|
|
|
inner wrote:
I don't want to convert the rest of my code to use BSTRs.
You must whenever using COM interfaces. It is the COM form of string. Unless you want to use byte arrays which are not easier. At least _bstr_t has simple conversion interface to char and wchar making life easy to use CString and std::string/wstring
-- signature under construction -- -pete
|
|
|
|
|
I have a win32 application that I'm using to test some stuff (just basic algorithm) and timing the execution of the program depending on the file I drop on the exe. When it's done, it displays a messagebox with the amount of time it took to complete the operation. However, if it takes a long time, the DOS-looking console window is displayed the whole time. I don't want any window displayed except the messagebox signaling that the event is over. How can I accomplish this?
[insert witty comment here]
bdiamond
|
|
|
|
|
Why not the old ShowWindow (hWnd, SW_HIDE)
And in order to get the hWnd, either
// change current window title to something *UNIQUE*
SetConsoleTitle(title);
// ensure window title has been updated
Sleep(40);
hWnd = FindWindow(NULL, title);
// If found, hide it
if (hWnd)
{
ShowWindow(hWnd, SW_HIDE);
}
Or if only for Win 2000 (XP ...) use the GetConsoleWindow
HWND (WINAPI* gpfnGetConsoleWindow)() = (HWND (WINAPI*)())
GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "GetConsoleWindow");
if(gpfnGetConsoleWindow)
{
hWnd = gpfnGetConsoleWindow();
}
Papa
while (TRUE)
Papa.WillLove ( Bebe ) ;
|
|
|
|
|
Hey
I seam to have problem using RichTextBox.
I´ve written the following pice of code:
case WM_CREATE:
HWND hRich;
hRich = CreateWindowEx(WS_EX_CLIENTEDGE, RICHEDIT_CLASS, "",
WS_CHILD | WS_VISIBLE, 0, 0, 100, 100, hWnd, NULL, GetModuleHandle(NULL), NULL);
if(hRich == NULL)
MessageBox(hWnd, "Could not create RichTextBox.", "Error", MB_OK | MB_ICONERROR);
break;
if(!hRich) runs and I get the message that RichTextBox couldnt be created. Anyone got any idea whats wrong?
I´m using Visual Studio .NET 2003
Thanks.
humpa humpa
|
|
|
|
|
Read up in the MSDN on the function CreateWindowEx. I believe that in order for you to use the RICHEDIT_CLASS you must first call the RegisterClass or RegisterClassEx to register your RICHEDIT_CLASS.
If the function succeeds, the return value is a class atom that uniquely identifies the class being registered. This atom can only be used by the CreateWindow, CreateWindowEx.
Tom Wright
tawright915@yahoo.com
|
|
|
|
|
i don't know if this is it, but does your application need to call AfxOleInit()?
[insert witty comment here]
bdiamond
|
|
|
|
|
SuperTank wrote:
Anyone got any idea whats wrong?
How about calling GetLastError() ?
"When I was born I was so surprised that I didn't talk for a year and a half." - Gracie Allen
|
|
|
|
|
I acctualy got it working. All I had to do was to add LoadLibrary("Riched20.DLL");
It seams to be very common fault.
humpa humpa
|
|
|
|
|
I am deriving from CStatic class to create a CStatic with customized font and coloration .
But my problem is that during creation how do I and where do specify the Font to be used ?
|
|
|
|
|