PDA

View Full Version : questions


ABC123

martinwcole
03-19-2008, 07:41 PM
have a potential customer for V9

they have an sql database that would be on the desktop app - would not be shadowed

need to be able to protect (encrypt?) the sql data

also - need to prevent copy and past of the contents from an alpha screen displaying the data (disable the clipboard?)

does this sound possible?

NoeticCC
03-19-2008, 08:07 PM
have a potential customer for V9

they have an sql database that would be on the desktop app - would not be shadowedWhat is the point of using an SQL database if each client has a full copy of the database? (Active link databases are not shadowed, they just interact with a CENTRALLY HOSTED - usually, you can have a localhost db but then this is an app that only runs on one single PC?! - database)

SQL databases are usually hosted on a central server, and the client connects to it from their software, if each client has a database installed, all the points you mentioned further on seem pointless as they surely can do anything to that database without A5 even coming into it?

(The way you put it, a PC has an SQL database, like mySQL, Oracle etc. running on it, and you want A5 to prevent the user from accessing the database in any other way than what your client expects... it seems rather perplexing - what is the point of an SQL database if each client computer has a separate database on their machine? And how do you expect A5 to control what a user does to a database program that is utterly independent of A5, no matter how many active or passive link tables point at it?)


also - need to prevent copy and past of the contents from an alpha screen displaying the data (disable the clipboard?)
I think there are functions to control key and mouse events that should allow you to capture most of these things... but why? (See next point)


need to be able to protect (encrypt?) the sql data
Why? If the database is actually on the client machine surely they can access it in other ways if they want and extract, manipulate etc. as they please...



does this sound possible
Yes but to me it just plain doesn't sound like your client has the slightest grasp of what an SQL database even is, let alone has ever used one?! I might be wrong but what you describe sounds like something that could run off A5's own DBF tables and has no relevance whatsoever to Platinum or SQL in any way shape or form....

martinwcole
03-19-2008, 08:20 PM
they have had another company developing a front end app via .net for data they create themselves

the utility they have for creating the data creates it in sql

because they are unhappy with the company they are asking me about writing a front end in Alpha

now because sql queries are allegedly many times faster than dbf queries, I thought about just leaving it in sql, and writing a front end using V9.

they would be selling and sending their clients an install exec that would install the program on one desktop, and thus would want to protect the data - both from viewing by someone with some other tool than Alpha, and from copy and paste

I guess I could "import" the data into Alpha tables and use Alpha's encryption. But I wonder, if I went that route, if the copy and paste could be prevented. - or the paste results would be encrypted characters?

DaveM
03-19-2008, 08:47 PM
As andrea stated, you have the tools to capture mouse clicks, keyboard presses to prevent copy and paste. Your encryption idea is great and it works. I have tested it thorougly and found it very good. Also you need to protect the paths to the data by having it pathed to the server as \\pcname\etc (file://\\pcname\etc) instead of a mapped drive. sure you know this, just voicing. Protect from being able to run it even if it gets copied with files that are outside the program and tests on thing like cpu serial, mb serial, etc and/or.

There is always a way to steal data. Best source for stopping it is employee loyalty and integrity. Client may need to hear that. I have said it to a client before.

Good luck and am sure they chose the right man.

EDIT: Unless there is a reason I don't know of, I would put them on dbf files in a heartbeat. I think the security can be better. Good thing about sql tables is you can put them all over the place so they bare hard to find, but there is usually one or two tables you want to really protect.

martinwcole
03-20-2008, 12:59 AM
Dave, as I recall you are in the auto business and have programs for dealers. You could imagine this as a program you sell to a dealer that would run on a single desktop. Now suppose it included all the info for all parts for all Fords for 5 years. a sizeable file. using sql instead of dbf would be an advantage I think. but you would want to prevent the dealer (or dealer's employees) from stealing the data, so-to-speak, and use it somewhere else - as in writing a program of their own.

As I think about it, in this case, all I have to do is disable fields displaying data. They can't change it, just enter query parameters for searching and viewing.

But I'm not sure if you could encrypt the sql data, from Alpha.

Another reason to keep it in sql format for developing the front end is that they plan on later putting it on a sever and giving users the ability to view it over the web.

They would be selling many copies to people internationally, and they would have to be able to protecct the data.

My guess is that the data would have to be encrypted with a 3rd party tool. and then alpha would have to be able to feed it an encryption key.

I'm betting that if users are going to connect to sql and other non dbf files, Alpha would have to be able to interact with encrypted data.

Looking at the files right now in windows explorer, all have either .kis or .enc file extensions. Just got the call today, and want to be sure I can give the client what he needs, before contracting for it.

My V9 expires in a few minutes, so I won't know for a while. But for the life of me, I can't figure out how to connect to an sql database on my own computer - it wants ports, domains, etc. I hope its possible!!

Marcel Kollenaar
03-20-2008, 03:47 AM
My guess is that the data would have to be encrypted with a 3rd party tool. and then alpha would have to be able to feed it an encryption key.


Martin, what about a USB type dongle/token (http://www.idcontrol.com/index.php?option=com_content&task=category&sectionid=6&id=39&Itemid=60)?

martinwcole
03-20-2008, 03:52 AM
Marcel - thanks a lot - when V9 comes out so I can download, will experiment

NoeticCC
03-20-2008, 04:10 AM
Marcel - thanks a lot - when V9 comes out so I can download, will experiment

Check out the infoworld article Richard has linked to in a thread on this forum. That article has a link to the Beta download on it...

martinwcole
03-20-2008, 04:12 AM
I already did - but is expired - you cant reload it

NoeticCC
03-20-2008, 06:50 AM
I already did - but is expired - you cant reload it

Email Alpha Sales to extend the time for the Beta version.

Tom Cone Jr
03-20-2008, 06:55 AM
Martin, preventing the user from copying data displayed on screen is going to be very very hard. Screen capture utilities are widely available, even if you use OnKey event scripts to trap and block Ctrl-C and Ctrl-V. What's you'd need I guess is some way to run Alpha itself in a modal window. I don't know if that's possible.

Cheryl Lemire
03-20-2008, 07:55 AM
Martin,

I doubt seriously that you can prevent anybody from 'stealing' the data. If I can see it, I can copy it. No matter how you lock things down, even if it is possible to open Alpha modal, if I want the data bad enough, I can simply write it down. Yes, this would be tedious, but if I want it bad enough, I will do the work.

jaryder
03-20-2008, 10:49 AM
Martin,

If your customer is going to sell and send a CD to their clients with your Alpha project on it how will it run using SQL. Alpha does not come with SQL which means the customer must also sell or the client must buy and install an SQL server for their one PC. Does not make sense to me. Support could be a nightmare trying to setup and configure an SQL server for every client. It would be much easier to just use alpha Databases and password them.

Just my 2 cents.

Jeff

NoeticCC
03-20-2008, 11:00 AM
they have had another company developing a front end app via .net for data they create themselves

the utility they have for creating the data creates it in sql

Sql stands for structured query language - this alone does not tell you ANYTHING about what database, vendor etc. this refers to - are you talking about SQL Server, mySQL, another SQL database? Where is that database kept?

Are you talking about a client server application or about a web front end (.net seems to suggest as much!)?

If it is a WEBSITE they are after or a web app then the SQL database only has to sit in one place, and this does start to make sense....