Lukasz Sokol wrote:
On 13/07/16 08:31, Mark Morgan Lloyd wrote:
Michael Van Canneyt wrote:
On Tue, 12 Jul 2016, Mark Morgan Lloyd wrote:
Please excuse one of my regular silly questions. Elsewhere, a (former) Delphi programmer
is uneasy having found that his binaries have had embedded SQL queries, passwords and so
on visible "in clear" for the last 20 years or so.
Can FPC be told to obfuscate ResourceStrings?
No. The default value for resourcestrings is stored as-is in the binary.
To solve this, I store the username/password encrypted in the binary as consts,
and they are decrypted when needed.
Sometimes it's difficult to avoid having to do that sort of thing, or
obfuscating them in an external file.
Could it help to try doing this after linking the program binary, to build the
resources and scramble them
using the program binary part checksum (or have it seed a PRNG and/or derive an
encryption key / key pair from it) ?
Not that I know how ;) and whether such a thing is viable at all - or desirable
(since an executable would
always have to be distributed with matching resources build). But how would
that be for an idea ? ;)
I wonder whether this could this be handled by a step related to i18n.
The whole thing's a bit of a minefield, since there are hacking tools
out there which can scan a binary looking for regions which are more
random than expected on the basis that these might be things like crypto
keys.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
