Hi Pedro,
On 17 May 2011 16:52, Pedro d'Aquino
Hello,
I'm using Boost.MPL to obfuscate sensitive strings during compilation. I wrote a class called obf_string which can be used in the following way:
obf_string<'my_d','atab','ase_','pass','word'> password; connect_to_db( password.unobfuscate() );
If someone runs strings.exe on this executable, they will not see "my_database_password" listed there, because it has been XORed with a binary mask. This approach has several benefits over e.g. preprocessing all the source files with a tool that encrypts all strings. The most significant is that I can easily see and change the string.
I don't know if this applies to you but... any halfway decent assembly language programmer with operating system expertise will be able to set a breakpoint for relevant O.S. or library calls. In Linux its even easier - use the strace command and it lists OS calls to stdout. One place I worked at used the Windows registry to store ODBC and SQL parameters. Just how hostile are you expecting the end users of your application to be? HTH, Ian -- -- ACCU - Professionalism in programming - http://www.accu.org/