How to prevent sensitive information is displayed when the extension 'exe' is modified to 'txt' on windows?

If you build a exe ,such as which can get Data from DataBase,when you modify the exe's  extension to 'txt',
and you open it by notepad.exe (on windows),you will find the info,it's important for me,so how to stop  the info to display  ?


  Driver={SQL Server Native Client 10.0};Server=127.0.0.1;Database=test;Trusted_Connection=Yes    \   €`B SELECT top 10 * FROM testtable     鑐B atest.d    aB testcolumnname      aB std.stdio.File err.text    GaB w       
   XaB error :
           haB  @ <


Thank you.

On Tuesday, 6 January 2015 at 17:15:28 UTC, FrankLike wrote:
> How to prevent sensitive information is displayed when the extension 'exe' is modified to 'txt' on windows?

If the data is in the program, it is visible to anyone you give the program to.

Alternatives would be asking the user for sensitive info separately from the exe like a config file that they must fill in or a password they must type when it starts up.

Or just don't distribute the program to anyone who isn't authorized to use it.

On Tuesday, 6 January 2015 at 17:32:29 UTC, Adam D. Ruppe wrote:
> On Tuesday, 6 January 2015 at 17:15:28 UTC, FrankLike wrote:
>> How to prevent sensitive information is displayed when the extension 'exe' is modified to 'txt' on windows?
>
> If the data is in the program, it is visible to anyone you give the program to.

This. It's why games and other licensed applications still get cracked, despite the industry spending millions (billions?) on researching means to prevent it.

> Alternatives would be asking the user for sensitive info separately from the exe like a config file that they must fill in or a password they must type when it starts up.
>
> Or just don't distribute the program to anyone who isn't authorized to use it.

Or don't let your application contact the DB directly. Build a web service or whatever fancy name those things have these days, and let the web service connect to the DB. Your application then connects to the service using a method of authorization if your choosing.

Dne 6.1.2015 v 18:15 FrankLike via Digitalmars-d-learn napsal(a):
> How to prevent sensitive information is displayed when the extension 'exe' is modified to 'txt' on windows?
> 
> If you build a exe ,such as which can get Data from DataBase,when you
> modify the exe's  extension to 'txt',
> and you open it by notepad.exe (on windows),you will find the info,it's
> important for me,so how to stop  the info to display  ?
> 
> 
>   Driver={SQL Server Native Client
> 10.0};Server=127.0.0.1;Database=test;Trusted_Connection=Yes    \   €`B
> SELECT top 10 * FROM testtable     鑐B atest.d    aB
> testcolumnname      aB std.stdio.File err.text    GaB w       
   XaB
> error :
>            haB  @ <
> 
> 
> Thank you.

What you want is some kind of code obfuscation. The easiest thing for you is to use exe compression. It is not going to stop a dedicated attacker, but ordinary people will not be able to extract any information from it.

http://upx.sourceforge.net/

Martin

On Tuesday, 6 January 2015 at 17:45:19 UTC, Rene Zwanenburg wrote:
> On Tuesday, 6 January 2015 at 17:32:29 UTC, Adam D. Ruppe wrote:
>> On Tuesday, 6 January 2015 at 17:15:28 UTC, FrankLike wrote:
>>> How to prevent sensitive information is displayed when the extension 'exe' is modified to 'txt' on windows?
>>
>> If the data is in the program, it is visible to anyone you give the program to.
>
> This. It's why games and other licensed applications still get cracked, despite the industry spending millions (billions?) on researching means to prevent it.
>
>> Alternatives would be asking the user for sensitive info separately from the exe like a config file that they must fill in or a password they must type when it starts up.
>>
>> Or just don't distribute the program to anyone who isn't authorized to use it.
>
> Or don't let your application contact the DB directly. Build a web service or whatever fancy name those things have these days, and let the web service connect to the DB. Your application then connects to the service using a method of authorization if your choosing.

Thank you ,it's a good idea.

> What you want is some kind of code obfuscation. The easiest thing for
> you is to use exe compression. It is not going to stop a dedicated
> attacker, but ordinary people will not be able to extract any
> information from it.
>
> http://upx.sourceforge.net/
>
> Martin

Yes,if I can't get some tools  from dmd or ldc,then I should look for some kind of code obfuscation.

Thank you for your good idea.

>
> What you want is some kind of code obfuscation. The easiest thing for
> you is to use exe compression. It is not going to stop a dedicated
> attacker, but ordinary people will not be able to extract any
> information from it.

And I guess as an alternative to the utility you linked to, you could use D's ability to run code at compile time to encrypt your sensitive literals during compilation and then decrypt them on program startup.

Dne 7.1.2015 v 12:00 Laeeth Isharc via Digitalmars-d-learn napsal(a):
> 
>>
>> What you want is some kind of code obfuscation. The easiest thing for you is to use exe compression. It is not going to stop a dedicated attacker, but ordinary people will not be able to extract any information from it.
> 
> And I guess as an alternative to the utility you linked to, you could use D's ability to run code at compile time to encrypt your sensitive literals during compilation and then decrypt them on program startup.

I don't think you would really need any compile time capabilities. You could just xor your strings and xor them again before using them to make it reasonably unreadable. But the thing is that doing these changes inside the code adds unnecessary complexity and is a potential source of bugs. Using an exe packer has the advantage of being practically a one-click solution.

On Wednesday, 7 January 2015 at 11:00:54 UTC, Laeeth Isharc wrote:
>
>>
>> What you want is some kind of code obfuscation. The easiest thing for
>> you is to use exe compression. It is not going to stop a dedicated
>> attacker, but ordinary people will not be able to extract any
>> information from it.
>
> And I guess as an alternative to the utility you linked to, you could use D's ability to run code at compile time to encrypt your sensitive literals during compilation and then decrypt them on program startup.

Thank you,but it's not easy to do,can you show me some detail?

On Wednesday, 7 January 2015 at 14:18:53 UTC, FrankLike wrote:
> On Wednesday, 7 January 2015 at 11:00:54 UTC, Laeeth Isharc wrote:
>>
>>>
>>> What you want is some kind of code obfuscation. The easiest thing for
>>> you is to use exe compression. It is not going to stop a dedicated
>>> attacker, but ordinary people will not be able to extract any
>>> information from it.
>>
>> And I guess as an alternative to the utility you linked to, you could use D's ability to run code at compile time to encrypt your sensitive literals during compilation and then decrypt them on program startup.
>
> Thank you,but it's not easy to do,can you show me some detail?

http://dpaste.dzfl.pl/3bbdecfefa5c