Board index » delphi » security problem

security problem

I am constructing a security program for my computer. It was the result of,
not a hawk eyed mother wanting to see what is on my puter, but insomnia!
basically, what it does s ask for a password.

writeln('Enter Password:');
readln(password);

the problem lies in this code...
what i want is that when the password is entered, i want the text to be
starred, *** you get my drift... like any other password box.
How can i echo back an asterix, and not the charachter. i understand that
you will have to turn the echo off first, and then tell it to writeln * for
every charachter????????

another problem...

(for the same program)

how do i disable the ^crt?????

just to complete my security program, do you think it would be wise to have
my autoexec.bat renamed to autoexec2.bat, and moved to a floppy disk, and
then a new autoexec.bat file created in the C: area, linking only the other
autoexec2.bat file in?

e.g.
autoecxec.bat(stored in c:);

a:\autoexec2.bat

autoexec2.bat(stored in a:)

all my code originally in my autoexec file.

i understand that anybody will just be able to bypass the file, but they
wouldnt be able to change much if i dont keep my autoexec2.bat file on my
hard drive. if i have the floppy, no harm can be done? could this mean that
hackers wouldnt be able to access it if i took it out after booting.
I know this would make the boot a lot slower, but for security reasons it
would be a good idea?

i know this isnt a pascal question( well at least the end bit!) but please
help!
hehe, im gonna go test it on my other comp, ill let you know how i get
along!.

 

Re:security problem


You cant do this with readln. You would have to do this by your own with
a loop and readkey. But if it is just a program for yourself why arent
you installing winnt? This is probably 1000x more secure than an app in
the autoexec.bat.

Alex
--
** Pepsi Cola and animal protection **
**  http://www.pepsi{*word*76}bath.com/  **

Author of the Free Chatsystem PINO!  ||  Website: http://www.alcomp.net
Available at http://pino.cjb.net     ||  Chat   : pinochat.dhs.org:8080

Re:security problem


Quote
Craig Hennessey wrote:
> what i want is that when the password is entered, i want the text to be
> starred, *** you get my drift... like any other password box.

You must write your own input routine using a loop and readkey. Basically it
should look like this:

function Password: string;
var
  ch : char;
  s : string;
begin
  s := '';
  ch := readkey;
  while ch <> #13 do
  begin
    write('*');
    s := s + ch;
    ch := readkey
  end;
  password := s
end;

Note that this is only a skeleton. It does not handle cursor keys, backspace,
etc. Alternatively, you can set the foreground color to the background color.

Quote
> how do i disable the ^crt?????

What is ^crt?

Quote
> just to complete my security program, do you think it would be wise to have
> my autoexec.bat renamed to autoexec2.bat, and moved to a floppy disk, and
> then a new autoexec.bat file created in the C: area, linking only the other
> autoexec2.bat file in?

No. It's very easy to bypass this protection. If autoexec.bat cannot find
a:\autoexec2.bat, it will issue an error message and continue. Your system
won't be configured correctly, but the "hacker" will have full access to your
computer anyway. It is also possible to prevent the start-up files config.sys
and autoexec.bat from being executed by pressing F5 - take a look at the
command "switches" in your DOS manual or the online help.

If you want maximum protection, turn the password protection option of your
BIOS on.

Re:security problem


In article <83gg8d$rr...@newsg2.svr.pol.co.uk>, Craig Hennessey
<cr...@hennessey1.freeserve.co.uk> writes

Quote
>I am constructing a security program for my computer. It was the result of,
>not a hawk eyed mother wanting to see what is on my puter, but insomnia!
>basically, what it does s ask for a password.

>writeln('Enter Password:');
>readln(password);

>the problem lies in this code...
>what i want is that when the password is entered, i want the text to be
>starred, *** you get my drift...

You'll need to use the ReadKey function from the CRT unit to read each
character individually and write a '*' to the screen for each character
entered. Use a repeat..until loop and check for #13 [enter key] then
check the password.

--
Information on Newsgroup posted weekly on Sunday - read before writing!
Contains links to    |  http://homepages.force9.net/pascal/faq/
helpful information  |  http://www.merlyn.demon.co.uk/clpb-faq.txt
and some guidelines  |  ftp://garbo.uwasa.fi/pc/doc-net/faqclpb.zip

Re:security problem


Quote
"Craig Hennessey" <cr...@hennessey1.freeserve.co.uk> wrote in message

news:83gg8d$rrk$4@newsg2.svr.pol.co.uk...
Quote
> I am constructing a security program for my computer.
> writeln('Enter Password:');
> readln(password);

This has already been answered by Alexander and Frederic and Pedt
practically wrote you the code to it.

Quote
> another problem...
> how do i disable the ^crt?????

I don't exactly know what you mean by this, could it be something like
the *control* and *enter* key being pressed simultaniously? If so:
ReadKey
If you followed this newsgroup, you should know by now that some keys
and/or keycombinations return a double answer, use that.

Quote
> just to complete my security program, do you think it would be wise
to have
> my autoexec.bat renamed to autoexec2.bat, and moved to a floppy
disk, and
> then a new autoexec.bat file created in the C: area, linking only
the other
> autoexec2.bat file in?

if you are just looking for a home-made solution, this is what I use
to prevent my kids touching my computer:
1. Set your startup sequence in your bios to boot from diskette first.
2. Make a bootable diskette
3. Before shutting down your computer, rename your command.com to
command.org or something like that.
4. When starting up your computer, use the bootable diskette, rename
command.org on the harddisk to command.com and reboot without the
diskette
Be sure to keep your diskette on a safe place.
In principle, this method also can be cracked quite easily, but for
the moment, to me it's sufficient.
My kids can't play around, installing all kind of the latest games or
any other stuff, whithout me knowing it.
Marcel

Re:security problem


JRS:  In article <83gg8d$rr...@newsg2.svr.pol.co.uk> of Wed, 15 Dec 1999
22:15:52 in news:comp.lang.pascal.borland, Craig Hennessey <craig@hennes

Quote
sey1.freeserve.co.uk> wrote:
>I am constructing a security program for my computer. It was the result of,
>not a hawk eyed mother wanting to see what is on my puter, but insomnia!
>basically, what it does s ask for a password.

It would save everybody, including yourself, a lot of time if you were
to use the FAQs.  I have Timo's FAQ, see below, as a single file, linked
from my browser's home page; it's rarely more than four clicks away.

This question is dealt with in Item 38.

Note that it is conventional to answer after the pruned question.

--
? John Stockton, Surrey, UK.  j...@merlyn.demon.co.uk   Turnpike v4.00   MIME. ?
 <URL: http://www.merlyn.demon.co.uk/> TP/BP/Delphi/&c., FAQqy topics & links;
 <URL: ftp://garbo.uwasa.fi/pc/link/tsfaqp.zip> Timo Salmi's Turbo Pascal FAQ;
 <URL: http://www.merlyn.demon.co.uk/clpb-faq.txt> Pedt Scragg: c.l.p.b. mFAQ.

Re:security problem


Hi,

on Sat, 18 Dec 1999 at 17:42:16 o'clock, Alexander Mueller wrote:

Quote
> You cant do this with readln. You would have to do this by your own with
> a loop and readkey. But if it is just a program for yourself why arent
> you installing winnt? This is probably 1000x more secure than an app in
> the autoexec.bat.

For a password checker, Windows NT requires quite a lot of disk space,
RAM and money.

 - Sebastian

--
Signature optimized for 1024x786 resolution in fullscreen mode.

Re:security problem


Quote
Sebastian Koppehel wrote:
> For a password checker, Windows NT requires quite a lot of disk space,
> RAM and money.

Craig wrote he wants to secure his own pc and in this case is winnt more
secure than a "from a batch file called" exe file. Isnt it?

Alex
--
** Pepsi Cola and animal protection **
**  http://www.pepsi{*word*76}bath.com/  **

Author of the Free Chatsystem PINO!  ||  Website: http://www.alcomp.net
Available at http://pino.cjb.net     ||  Chat   : pinochat.dhs.org:8080

Re:security problem


Hi,

on Sun, 19 Dec 1999 at 18:03:26 o'clock, Alexander Mueller wrote:

Quote
> Craig wrote he wants to secure his own pc and in this case is winnt more
> secure than a "from a batch file called" exe file. Isnt it?

Using Windows NT is probably a good idea for many, security-wise. But if
you just want to stop others from booting your PC, "Windows NT" is not
the answer. It's like recommending using an aeroplane to someone who wants
to visit his neighbor - "it makes 900 km/h, that's so much faster than your
car could ever get!" Even worse: what security does NT offer at boot time
when using FAT?

Craig should probably use the BIOS password, and, if he is paranoid (but
has a good memory) he could also "disable" the CMOS Reset jumper with a
cutter :-)

 - Sebastian

--
YOUR AD HERE!

Re:security problem


sure sounds like your mom has you spooked real bad - don't forget to
trap the ^break and ^C in your code
Quote
Craig Hennessey wrote:

> I am constructing a security program for my computer. It was the result of,
> not a hawk eyed mother wanting to see what is on my puter, but insomnia!
> basically, what it does s ask for a password.

> writeln('Enter Password:');
> readln(password);

> the problem lies in this code...
> what i want is that when the password is entered, i want the text to be
> starred, *** you get my drift... like any other password box.
> How can i echo back an asterix, and not the charachter. i understand that
> you will have to turn the echo off first, and then tell it to writeln * for
> every charachter????????

> another problem...

> (for the same program)

> how do i disable the ^crt?????

> just to complete my security program, do you think it would be wise to have
> my autoexec.bat renamed to autoexec2.bat, and moved to a floppy disk, and
> then a new autoexec.bat file created in the C: area, linking only the other
> autoexec2.bat file in?

> e.g.
> autoecxec.bat(stored in c:);

> a:\autoexec2.bat

> autoexec2.bat(stored in a:)

> all my code originally in my autoexec file.

> i understand that anybody will just be able to bypass the file, but they
> wouldnt be able to change much if i dont keep my autoexec2.bat file on my
> hard drive. if i have the floppy, no harm can be done? could this mean that
> hackers wouldnt be able to access it if i took it out after booting.
> I know this would make the boot a lot slower, but for security reasons it
> would be a good idea?

> i know this isnt a pascal question( well at least the end bit!) but please
> help!
> hehe, im gonna go test it on my other comp, ill let you know how i get
> along!.

Re:security problem


Quote
Sebastian Koppehel wrote:
> Using Windows NT is probably a good idea for many, security-wise. But if
> you just want to stop others from booting your PC, "Windows NT" is not
> the answer. It's like recommending using an aeroplane to someone who wants
> to visit his neighbor - "it makes 900 km/h, that's so much faster than your
> car could ever get!" Even worse: what security does NT offer at boot time
> when using FAT?

Using NT with FAT is a bit crazy :) but anyway if you just want to
prevent someone from booting your pc I agree with you that the "BIOS
password" story is the easiest solution.

Quote
> --
> YOUR AD HERE!

How much does it cost? ;)

Alex
--
** Pepsi Cola and animal protection **
**  http://www.pepsi{*word*76}bath.com/  **

Author of the Free Chatsystem PINO!  ||  Website: http://www.alcomp.net
Available at http://pino.cjb.net     ||  Chat   : pinochat.dhs.org:8080

Re:security problem


One little problem if you do get it working,  people can still push Ctrl-Break

Re:security problem


Quote
Mature Zergling <davi...@iinet.net.au> wrote:
>One little problem if you do get it working,  people can still push Ctrl-Break

There are ways to disable Ctrl+C, Ctrl+Break, and Ctrl+Alt+Del.
CTRLALT.ZIP at <http://users.leading.net/~rdonais/tpascal.htm>
contains source for a TP 4.0--7.0 compatible unit.

Of course the best all-around solution would be to Download Timo Salmi's
FAQ <ftp://garbo.uwasa.fi/pc/link/tsfaqp.zip> for additional information
on this topic and many other frequently (and not so frequently) asked
Turbo Pascal questions with Timo's answers.

    ...red

Re:security problem


if youg got physical access to the computer only strong encryption will
prevent, or at least slow down ma malicous hacker from getting all your
data out. Stop this silly discussion now!

--
Cahn's Axiom:
        When all else fails, read the instructions.

Other Threads