Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

How do I security an Alpha desktop application?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    How do I security an Alpha desktop application?

    If I understand the gist of this thread and another referenced thread - it is completely impossible to secure your work from other Alpha developers.

    http://msgboard.alphasoftware.com/al...den-Alpha-5-v7

    Is this right or has this crazy failing of development personnel at Alpha in V5.7 been rectified in a later release?

    Does anyone have a secure (preferably foolproof) method of preventing this from happening?

    If not then moving to an alternative tool is now a top priority...

    #2
    Re: Is security on an Alpha desktop application completely worthless?

    Andrew,

    What specifically are you worried about ? Securing data for your customers, or preventing other alpha developers from stealing your designs ?

    Are you aware your forms can be password protected?

    Are you aware your scripts and functions can be compiled into libraries, so that you wouldn't have to leave them "open" and "accessible" on the control panel?

    Comment


      #3
      Re: Is security on an Alpha desktop application completely worthless?

      Tom,

      Thanks for replying.

      In addition to all the gremlins and intermittent 'close everything down and restart' features in V11, I am now increasingly worried about everything to do with the security of anything you develop for the Alpha desktop.

      I am concerned that even if you hide the control panel and have a password protected hotspot, etc. clever Alpha developers can still find a back door into your database and it's structure.
      I was not aware that forms could be protected, I know that data tables (dbf) can be encrypted and I know that scripts can be compiled into AEX or something??? What about table layouts, indexes, field rules, etc.?
      This ability to use a temporary database as a means to access another is totally wrong. This should not be possible in a product sold as a robust development environment. There should be a facility to totally lock down any developed database without having to resort to all sorts of individual application functions trickery to endeavour to protect your development investment. In addition it is totally unforgivable that it is left to long-time users of the product such as yourself, Ira and others to provide the explanations to users such as myself with regard to such important issues as security.

      I really do think that Alpha's toolkit security is somewhat lacking.

      Raaasspppberries to them -
      Last edited by spudmurphy; 04-19-2013, 10:12 AM.

      Comment


        #4
        Re: Is security on an Alpha desktop application completely worthless?

        Good luck with your search for the perfect development system. Bye.

        Comment


          #5
          Re: Is security on an Alpha desktop application completely worthless?

          By the tone of your answer, I take it Tom that you do not approve of someone not seeing eye to eye with you in respect of your opinion of the tool.

          I'd like to ask you two questions in respect of your current use of Alpha and what you would expect in return from a current supplier if that same supplier now wanted to charge you top dollar for a product lacking in fundamentals?

          1) Are you currently full-time employed as a software developer and therefore totally reliant on the income derived from that line of work? or are you in reality an extremely skilled enthusiast, who over time has discovered that they have a real talent for Xbasic and enjoys finding new and clever ways of overcoming knotty logic problems and is generous enough to share that knowledge with the Alpha community?

          2) Given that recent Alpha proposals in respect of future pricing models is totally out of proportion in regard to existing price levels, do you think that it is fair of them to expect their user base to accede?

          I am just a person, that expects value for money and for product description to live up to its hype...

          Andrew

          Comment


            #6
            Re: Is security on an Alpha desktop application completely worthless?

            I really do think that Alpha is a shoddy, unprofessional outfit.
            I think that statement is way over the top. You can secure your application. Will it meet DOD standards for encryption and bullet-proof invulnerability? No, I seriously doubt it. But short of that you can lock it down.
            Peter
            AlphaBase Solutions, LLC

            [email protected]
            https://www.alphabasesolutions.com


            Comment


              #7
              Re: Is security on an Alpha desktop application completely worthless?

              I am pleased to hear it and will edit that particular post.

              Please can you explain then, how to lock it down?

              Andrew

              Comment


                #8
                Re: Is security on an Alpha desktop application completely worthless?

                Originally posted by spudmurphy View Post
                Please can you explain then, how to lock it down?
                1. Apply a master password
                2. Encrypt all your tables.
                3. Put a password on any global UDF's and Scripts.



                Optionally apply a password to your forms, but I don't think you need this if you do the above.
                AEX files are not secure, although if you put in "OPTION ENCRYPTED_TOKENS" at he beginning of your scripts then the AEX will be unreadable. But if you don't use an aex and do the above you are "safe" - safety being a relative term. Again, we're not talking DOD security here.
                Peter
                AlphaBase Solutions, LLC

                [email protected]
                https://www.alphabasesolutions.com


                Comment


                  #9
                  Re: Is security on an Alpha desktop application completely worthless?

                  Thank you Peter, you are restoring my faith, succinct and meaningful. I'll do as you say in 1, 2 and 3.

                  Just out of interest, is there a way to disable control alt and shift?

                  Thanks again,

                  Andrew

                  Comment


                    #10
                    Re: Is security on an Alpha desktop application completely worthless?

                    Originally posted by spudmurphy View Post
                    T
                    Just out of interest, is there a way to disable control alt and shift?
                    I don't think so. That functionality seems to be built into the db engine.

                    But do two other things as well. Check "hide controlpanel" in database properties. And put controlpanel.hide() in a script names "autoexec". Make sure you have a backdoor to get in.
                    Peter
                    AlphaBase Solutions, LLC

                    [email protected]
                    https://www.alphabasesolutions.com


                    Comment


                      #11
                      Re: Is security on an Alpha desktop application completely worthless?

                      Thanks Peter, but this hide thing was the source of my concern (see start of post) in the first place, I quote:

                      "Unhiding the Alpha Five Application

                      Every now and then someone accidentally hides Alpha Five with A5.HIDE() in their AUTOEXEC script. To recover from this problem, follow these steps.

                      Create a new empty database.

                      Go to the Alpha Five Control Panel.

                      Select File > Database Properties.

                      Display the Libraries tab.

                      Click Add and select the library (.ALB file) from the problem database. The scripts/functions from the problem database will now be shown in the code tab of the current database.

                      Edit the AUTOEXEC file of the problem database.

                      Unattach the library the library from the empty database.

                      Supported By

                      Alpha Five Version 5 and Above"

                      Comment


                        #12
                        Re: Is security on an Alpha desktop application completely worthless?

                        Originally posted by spudmurphy View Post
                        Just out of interest, is there a way to disable control alt and shift?

                        Thanks again,

                        Andrew
                        If you are talking about holding Ctrl + Shift to bypass autoexec script when starting a workspace this is called debug mode it can be disabled in settings-> startup-> Debug Mode Allowed yes=allowed no=disallowed. Can also be shut off with a command line startup:

                        http://wiki.alphasoftware.com/Starti...d+Line+Options

                        Comment


                          #13
                          Re: Is security on an Alpha desktop application completely worthless?

                          Thanks Allen, welcome info.
                          If I hide the control panel on the on init of my start up form with a hotspot to enter a password which shows control panel, will that avoid the autoexec hack?

                          Comment


                            #14
                            Re: Is security on an Alpha desktop application completely worthless?

                            Originally posted by spudmurphy View Post
                            Thanks Peter, but this hide thing was the source of my concern (see start of post) in the first place, I quote:

                            "Unhiding the Alpha Five Application

                            Every now and then someone accidentally hides Alpha Five with A5.HIDE() in their AUTOEXEC script. To recover from this problem, follow these steps.

                            Create a new empty database.

                            Go to the Alpha Five Control Panel.

                            Select File > Database Properties.

                            Display the Libraries tab.

                            Click Add and select the library (.ALB file) from the problem database. The scripts/functions from the problem database will now be shown in the code tab of the current database.

                            Edit the AUTOEXEC file of the problem database.

                            Unattach the library the library from the empty database.

                            Supported By

                            Alpha Five Version 5 and Above"
                            If you protect your code in an AEX than there doesn't need to be any code in your database. And your autoexec code can run a script or fuction from your AEX no code exposed.

                            Comment


                              #15
                              Re: How do I security an Alpha desktop application?

                              The command line options are not foolproof of course, since they exist in the shortcut or startup (text) form.

                              Don't use a hotspot - user's will mouse over it sooner rather than later and attempt to hack the password. Instead use a button, make it transparent and uncheck "tab stop". Then refer the button code to a script or udf w. a password on the script.
                              Peter
                              AlphaBase Solutions, LLC

                              [email protected]
                              https://www.alphabasesolutions.com


                              Comment

                              Working...
                              X