This applies to desktop apps created with .dbf table structures only.
The Alpha documentation clearly states the following for password protecting your code i.e. scripts, etc.
How to password protect your scripts to prevent users from changing the scripts.
If you are designing an application for others to use, you may want to password protect your scripts to prevent users from changing the scripts. You may also have created a commercial application in Alpha Anywhere and you may want to protect your intellectual property by hiding the scripts. Alpha Anywhere allows you to password protect any script that is attached to an event . a Global Script, or a Global Function. Your script must be in Xbasic. You cannot password protect Action Scripts. If you need to password protect an Action script, you must first convert it to Xbasic. To password protect an Xbasic script:
'PASSWORD FOO
The help document would indicate to a developer that ANY xbasic script you create if password protected is safe and secure from prying eyes. This will give the developer a false sense of security when developing security applications.There should be a disclaimer or at least an explanation regarding scripts attached to layout events such as OnInit, OnKey, OnTimer, etc. Any event attached to a form layout event or object event, EVEN when password protected is not secure in any way from the end user or other developers. This is a huge development security issue.
I just discovered this and it is not in the documentation. I have hundreds of scripts attached to form events and object events, everyone of them are password protected as described in the documentation.
However; if you open any .DDM file with a text editor, all of your code including the password is clearly visible for the whole world to see. It does not matter if the tables are encrypted, encrypted tables keep your data secure but not your code.
This can be a huge set back when you discover it late in development as I have.
Now I have to go back and create global scripts and function for every OnInit, OnKey, OnTimer and many more events in order to keep my code secure. My point being is that this should have been clearly stated in the documentation years ago.
I hope this helps someone else not make the same error I have.
Just when you thought it was safe! :(
The Alpha documentation clearly states the following for password protecting your code i.e. scripts, etc.
How to password protect your scripts to prevent users from changing the scripts.
If you are designing an application for others to use, you may want to password protect your scripts to prevent users from changing the scripts. You may also have created a commercial application in Alpha Anywhere and you may want to protect your intellectual property by hiding the scripts. Alpha Anywhere allows you to password protect any script that is attached to an event . a Global Script, or a Global Function. Your script must be in Xbasic. You cannot password protect Action Scripts. If you need to password protect an Action script, you must first convert it to Xbasic. To password protect an Xbasic script:
- Edit the script.
- Add the following to the first line of the script: 'PASSWORD
'PASSWORD FOO
The help document would indicate to a developer that ANY xbasic script you create if password protected is safe and secure from prying eyes. This will give the developer a false sense of security when developing security applications.There should be a disclaimer or at least an explanation regarding scripts attached to layout events such as OnInit, OnKey, OnTimer, etc. Any event attached to a form layout event or object event, EVEN when password protected is not secure in any way from the end user or other developers. This is a huge development security issue.
I just discovered this and it is not in the documentation. I have hundreds of scripts attached to form events and object events, everyone of them are password protected as described in the documentation.
However; if you open any .DDM file with a text editor, all of your code including the password is clearly visible for the whole world to see. It does not matter if the tables are encrypted, encrypted tables keep your data secure but not your code.
This can be a huge set back when you discover it late in development as I have.
Now I have to go back and create global scripts and function for every OnInit, OnKey, OnTimer and many more events in order to keep my code secure. My point being is that this should have been clearly stated in the documentation years ago.
I hope this helps someone else not make the same error I have.
Just when you thought it was safe! :(
Comment