Board index » off-topic » Password protection of BDE?

Password protection of BDE?


2007-10-05 07:00:35 PM
off-topic19
Hi group.
Is it possible programatically to add password-protection of an existing
long-time running bde paradox database?
The database is running at many customer sites, and has until now been
without a password. Now we need to protect it. Is it possible to do that
from out Delphi application?
Thanks!
Jacob
 
 

Re:Password protection of BDE?

Jacob.. there's an old saying that "locks keep honest people away".. the
encrypting methods for paradox tables are easily, publicly cracked.. and
encrypted paradox tables are far more prone to corruption..
find ways using your network and programming rules to hide and/or restrict
access to the system.. or hire more honest employees..
Diamond Software Group
www.diamondsg.com/main.htm
Paradox Support & Sales
Diamond Sports Gems
www.diamondsg.com/gemsmain.htm
Sports Memorabilia and Trading Cards
"Jacob Havkrog" < XXXX@XXXXX.COM >wrote in message
Quote
Hi group.

Is it possible programatically to add password-protection of an existing
long-time running bde paradox database?

The database is running at many customer sites, and has until now been
without a password. Now we need to protect it. Is it possible to do that
from out Delphi application?

Thanks!
Jacob

 

Re:Password protection of BDE?

The encryption for Paradox tables is only useful for keeping casual
snoopers out of your data. There is a master password that will decrypt
Paradox tables and it is not difficult to find on the Internet.
That said, you can add a password using BDE API calls. It has been a
long time but I think you have to use DbiDoRestructure. Try searching
with Google or Google Groups and you should find something. There is
information about the BDE API in the BDE help file in your BDE
directory and also at info.borland.com/devsupport/bde/bdeapiex/
--
Bill Todd (TeamB)
 

{smallsort}

Re:Password protection of BDE?

Hello,
Quote
Is it possible programatically to add password-protection of an existing
long-time running bde paradox database?
Any protected Paradox table can be cracked without any password at all.
The checksum/hash (which is used to encrypt the data) is stored in header of
table. The master password is not required too.
So don't use the standard encryption method for Paradox table. You may use
the own encryption algorithm which you may use in OnGetText/OnSetText events
in Delphi for your fields in dataset and encrypt/decrypt the stored value.
But this is good solution only for tables without indexes and ref.integrity
 

Re:Password protection of BDE?

There's only one good way to protect your data: use a client-server
database. As long as your database files are accessible directly,
anyone can corrupt them, encrypted or not. Users may delete files, or
accidentally corrupt them with notepad. With a client/server database,
the only way to access the data is through the DBMS, which can be made
fully secure. Of course, theoretically, you can also accomplish this
by creating a multi-tier application, where the application server
accesses a paradox database located in a non-shared folder on a
server. This also makes it impossible to access the database files
directly, but you'd have to rewrite the application for that. And in
that case it doesn't make sense not to switch to a "grown-up" database.
 

Re:Password protection of BDE?

Jacob,
I realise that everybody commented on your question, but nobody
answered it. The answer is that you can use the DbiDoRestructure
function for this.
Sample code:
procedure SetTablePassword(const Session: TSession;
const DatabaseName, TableName, OldPassword, NewPassword: string);
var
SavCur: TCursor;
Base: TDatabase;
Tbl: CRTblDesc;
begin
Base := Session.OpenDatabase(DatabaseName);
try
if Length(OldPassword)>0 then
Session.AddPassword(OldPassword);
//Initialize table descriptor
FillChar(Tbl, SizeOf(Tbl), 0);
StrPLCopy(Tbl.szTblName, TableName, DBIMAXTBLNAMELEN);
StrCopy(Tbl.szTblType, szPARADOX);
StrPLCopy(Tbl.szPassword, NewPassword, DBIMAXNAMELEN);
Tbl.bProtected := (Length(NewPassword)>0); //Indicates encrypted
is desired
//Encryption/decryption may take a while
SavCur := Screen.Cursor;
Screen.Cursor := crHourGlass;
try
Check(DbiDoRestructure(Base.Handle, 1, @Tbl, nil, nil, nil,
False));
finally
Screen.Cursor := SavCur;
end;
finally
Session.CloseDatabase(Base);
end;
end;