|
I think it all depends on the level of protection you require on the password.
You may or may not need the password to be decrypted which imposes 2 different ways of storing the data.
1) Need to decrypt
This is a weak way of storing a password because it can be decrypted but one might find this easier to handle since they can display the password after or send it by e-mail etc.
2) No need to decrypt
You store a non-decryptable version of the password or user/pass (if it applies) then when you need to validate the password, you encrypt the source data (password or user/pass) and compare versus what's found in your storage (registry). This also has the advantage that you will mostly never have the password unencrypted in process memory except for the source data which isn't guaranteed to match.
Once you decided on how you want to handle storage, you can better decide which encryption method you're going to use. Remember that each encryption system has its strengths and its weaknesses.
|
|
|
|
|
You should never save a password, even an encrypted one, especially in the registry. You should, instead, save a cryptographic hash value that results from the password, and user name if you want to be really secure.
The way this works is that different passwords and/or usernames will produce different consistent hash values and you can not reverse engineer a password and/or user name from the hash value. When a user enters a password you can compare the resulting hash value to the saved value and determine if the password is correct without ever storing the actual password in a data store. If the hash values match you can say with a high degree of certainty that the user entered the correct password.
A 160 bit hash value is currently considered to be the standard for a secure system.
MD5 produces a 128 bit hash value, which is a bit undersized by today's standards, and, additionally, has been known to contain theoretical flaws which have recently been shown to be exploitable for applications like you are describing. It is still a viable hashing algorithm for certain types of applications but not for your application.
I would recommend SHA256 at a minimum (256 bit hash value) or for extreme security SHA384 or SHA512. SHA384 or SHA512 require 64 bit arithmetic and you must be careful if you are implementing them on a 32 bit processor due to the difference in the way numbers are stored on different architectures. Therefore, since SHA256 exceeds the current standard for security and can be implemented with 32 bit arithmetic I would recommend that you use it as your hashing algorithm.
|
|
|
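An added example, not part of the original posts: the store-a-verifier-and-compare flow described in the thread above. It goes beyond the single SHA-256 pass recommended there by using a per-record random salt and iterated PBKDF2-HMAC-SHA256; the record format, constants and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"
ITERATIONS = 600_000        # assumed work factor; tune for your hardware
MAX_ITERATIONS = 5_000_000  # refuse absurd values read back from storage
SALT_LEN = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build the string to persist (registry value, file, DB column)."""
    salt = os.urandom(SALT_LEN)  # fresh salt per record
    fields = [SCHEME, str(iterations),
              base64.b64encode(salt).decode("ascii"),
              base64.b64encode(_derive(password, salt, iterations)).decode("ascii")]
    return "$".join(fields)


def verify(password: str, record: str) -> bool:
    """Recompute from the entered password; compare in constant time."""
    try:
        scheme, iters, salt_b64, digest_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad number, bad base64
        return False
    if scheme != SCHEME or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    return hmac.compare_digest(_derive(password, salt, iterations), expected)
```

Only the record string is stored; the password itself is never written anywhere, and two users with the same password get different records because the salts differ.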
|
|
So I have a lot of different C++ objects with members. Strings, ints etc.
Objects get populated from database. Used to do it using MFC ODBC classes. Then I decided to go OLE DB. Wow! So. Now instead of CRecordset we use CAccessor<>, right? To map members to fields now I have to use TCHAR or CComBSTR for strings, right?
But I'd like to keep my objects as CString or std::string. I don't want to change all my code to operate with CComBSTR and I don't want to make parallel members just to transfer data from the database to my members. What do I do then? Is there a way to make COLUMN_ENTRY accept CString or std::string? Or somehow make an automatic transfer from one global CComBSTR (that would be used to retrieve the data) to those members?
Confusing?
|
|
|
|
|
ATL has a version of CString in atlstr.h. You should be able to use this.
|
|
|
|
|
No,no,no. I need in VC 6.
|
|
|
|
|
VC6 comes with ATL...
Ryan "Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
|
|
|
|
|
But ATL in VC6 doesn't come with atlstr.h. It's in VC7.
|
|
|
|
|
|
Yeah. But how does it help?
I can get data using CComBSTR just as well.
But these macros:
    BEGIN_COLUMN_MAP(CUserRowset)
        COLUMN_ENTRY(1, m_bstrID)
        COLUMN_ENTRY(2, m_bstrDescription)
        ....
    END_COLUMN_MAP()
for linking fields to members require members to be CComBSTR (or _bstr_t you are talking about). But my members are CString and/or std::string
and I don't want to convert the rest of my code to use BSTRs.
|
|
|
|
|
inner wrote:
I don't want to convert the rest of my code to use BSTRs.
You must whenever using COM interfaces. It is the COM form of string. Unless you want to use byte arrays which are not easier. At least _bstr_t has simple conversion interface to char and wchar making life easy to use CString and std::string/wstring
-- signature under construction -- -pete
|
|
|
|
|
I have a win32 application that I'm using to test some stuff (just basic algorithm) and timing the execution of the program depending on the file I drop on the exe. When it's done, it displays a messagebox with the amount of time it took to complete the operation. However, if it takes a long time, the DOS-looking console window is displayed the whole time. I don't want any window displayed except the messagebox signaling that the event is over. How can I accomplish this?
[insert witty comment here]
bdiamond
|
|
|
|
|
Why not the old ShowWindow (hWnd, SW_HIDE)
And in order to get the hWnd, either
    // change current window title to something *UNIQUE*
    SetConsoleTitle(title);
    // ensure window title has been updated
    Sleep(40);
    hWnd = FindWindow(NULL, title);
    // If found, hide it
    if (hWnd)
    {
        ShowWindow(hWnd, SW_HIDE);
    }
Or if only for Win 2000 (XP ...) use the GetConsoleWindow
    HWND (WINAPI* gpfnGetConsoleWindow)() = (HWND (WINAPI*)())
        GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "GetConsoleWindow");
    if(gpfnGetConsoleWindow)
    {
        hWnd = gpfnGetConsoleWindow();
    }
Papa
while (TRUE)
Papa.WillLove ( Bebe ) ;
|
|
|
|
|
Hey
I seem to have a problem using RichTextBox.
I've written the following piece of code:
    case WM_CREATE:
        HWND hRich;
        hRich = CreateWindowEx(WS_EX_CLIENTEDGE, RICHEDIT_CLASS, "",
            WS_CHILD | WS_VISIBLE, 0, 0, 100, 100, hWnd, NULL, GetModuleHandle(NULL), NULL);
        if(hRich == NULL)
            MessageBox(hWnd, "Could not create RichTextBox.", "Error", MB_OK | MB_ICONERROR);
        break;
if(!hRich) runs and I get the message that RichTextBox couldn't be created. Anyone got any idea what's wrong?
I'm using Visual Studio .NET 2003
Thanks.
humpa humpa
|
|
|
|
|
Read up in the MSDN on the function CreateWindowEx. I believe that in order for you to use the RICHEDIT_CLASS you must first call the RegisterClass or RegisterClassEx to register your RICHEDIT_CLASS.
If the function succeeds, the return value is a class atom that uniquely identifies the class being registered. This atom can only be used by the CreateWindow, CreateWindowEx.
Tom Wright
tawright915@yahoo.com
|
|
|
|
|
I don't know if this is it, but does your application need to call AfxOleInit()?
[insert witty comment here]
bdiamond
|
|
|
|
|
SuperTank wrote:
Anyone got any idea whats wrong?
How about calling GetLastError() ?
"When I was born I was so surprised that I didn't talk for a year and a half." - Gracie Allen
|
|
|
|
|
I actually got it working. All I had to do was to add LoadLibrary("Riched20.DLL");
It seems to be a very common fault.
humpa humpa
|
|
|
|
|
I am deriving from the CStatic class to create a CStatic with customized font and coloration.
But my problem is that during creation how and where do I specify the Font to be used?
|
|
|
|
|
|
you can create the font in the constructor; you might need to override the Paint method.
Maximilien Lincourt
Your Head A Splode - Strong Bad
|
|
|
|
|
Is it possible to declare a series of variables and then assign a pointer to the start (i.e. the first variable)?
I wish to use a user defined database which will hold the display format, type and an offset into the variables location in memory.
Basically I will fill an array of item details and declare the items;
e.g.
    static ITEM_DETAILS items[NO_ITEMS] = {
        {
            "%0.2f",            // display format
            "float",
            "£",
            "Current Cost",
            "0000"
        },
        {
            "%d",               // display format
            "unsigned short",
            "N/A",
            "Number of Units",
            "0004"
        },
        // etc
    };
Now the items will be declared as follows:-
    float cost;
    unsigned short noOfItems;
    CString itemName;
    // etc
Now my question is how do I go about declaring a pointer to the first variable (start of the memory that the variables are held) and is it OK to add offsets to this pointer, i.e. to obtain data item2 (noOfItems which has the offset 0004)
e.g.
    LPVOID ptr = &cost; // Pointer to the start of the memory location
so to access the item noOfItems I would do the following:-
    int offset = atoi(items[1].offset);
    data = *(ptr + offset);
I need the variables in contiguous memory and is a LPVOID the right choice?
I was thinking of shared memory, but I have always used a structure to access items and not a general pointer.
Any help please.
|
|
|
|
|
Check the macro offsetof, it would be what you need
It is used along with a structure.
Papa
while (TRUE)
Papa.WillLove ( Bebe ) ;
|
|
|
|
|
Thanks for the info, however I have a problem with the bit fields (I know that you can't use the macro with these fields) but it's the extra byte that's the problem, as I could just manage the bit fields as a 2 byte hex item.
    #include <stdio.h>
    #include <stddef.h>   // offsetof

    #pragma pack(1)
    typedef struct
    {
        unsigned short i;
        float f;
        char c;
        unsigned short bit41 : 4;
        unsigned short bit42 : 2;
        unsigned short bit43 : 1;
        char s;
        unsigned short x;
        double y;
        double z;
    } SFOO;

    union
    {
        SFOO fields;
        unsigned short buffer[32];
    } test_data;

    #pragma pack()

    int main(void)
    {
        // offsetof yields size_t; cast to match the %u format
        printf("Offset of 'c' is %u ", (unsigned)offsetof(SFOO, c));
        printf("Offset of 's' is %u ", (unsigned)offsetof(SFOO, s));
        return 0;
    }
This gives Offset of 'c' is 6 Offset of 's' is 9; I was expecting 8, see below:-
    f f i i
    Bits c f f
    x x s
    y y y y
    y y y y
    z z z z
    z z z z
|
|
|
|
|
The bit fields gave me a problem with the offsetof.
See new post
http://www.codeproject.com/script/comments/forums.asp?forumid=1647&select=908749
|
|
|
|
|
raed wrote:
BOOL b = dbRecord.CanUpdate(); // here Debug assertion failure raised, WHY?
I don't know, you tell us. You should have been presented with a message box containing the file name and line number of the failed assertion. Given those two, we might be of more help.
"When I was born I was so surprised that I didn't talk for a year and a half." - Gracie Allen
|
|
|
|