Invalid SQL: INSERT INTO `swsessions` (`sessionid`, `ipaddress`, `lastactivity`, `useragent`, `isloggedin`, `sessiontype`, `typeid`, `dateline`, `status`) VALUES('9c40a466aad7b83f35327173b564e930', '54.81.154.223', '1498227711', 'CCBot/2.0 (http://commoncrawl.org/faq/)', '0', '40', '0', '1498227711', '0'); (The table 'swsessions' is full)
Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\support.inm.com\includes\functions.php:410) in C:\Inetpub\support.inm.com\includes\functions.php on line 1612
Encrypting data in a V12 Database file - Support Center
inm logo
Corporate Website | Contact | Store | Support | Login  
     


Knowledgebase
View categorized listing of all common frequently asked questions.
Downloads
View our categorized library of downloads for all necessary manuals, software, etc.
 Article Options
Support Center » Knowledgebase » INM V12 Database for Director » Encrypting data in a V12 Database file
Support Page Banner
 Encrypting data in a V12 Database file
Product:Platform:Area:Version:
INM V12 Database for Director Windows, Macintosh Multi-users and security All

Summary

Although V12 Databases are password-protected and as such can not be readily opened by other INM V12 Database users, they are not encrypted. This means that a hacker using the right tools (e.g., a hexadecimal editor) can open a V12 Database file and view its contents. In more exceptional cases, he can modify data in it, although this is very hard to accomplish without corrupting the database.

This applies to INM V12 Database as well as FileMaker Pro, MS Access and many other database management systems.

To protect your V12 database from illegal viewing and/or tampering, you can use simple techniques such as giving it the name of a system file or making it invisible to the Mac Finder or Windows Explorer.

If you really need to encrypt your data, you can use a third party Xtras (see http://www.macromedia.com/software/xtras/director) or use your own Lingo encryption handler. In either case, you will not be able to index encrypted strings. Searching and sorting encrypted indexed strings would not work properly. Encrypted fields must rely on other non-encrypted fields for searching and sorting.

Example

The following Lingo handlers enable the encryption and decryption of strings based on a variation of the One-Time Pad algorithm. One-Time Pad is very easy to program, however it is only moderately secure, especially if a hacker is entitled to generate large amounts of original/encrypted message pairs.

global gEncryptKey
on initCrypt
    -- change this encryption key to the string of your choice.
    -- The longer the string, the stronger your encryption algorithm.
    set gEncryptKey = "thisisthesecretkey."
end initCrypt

on encrypt str

    set res = ""
    -- avoid redundant calls: compute lengths in advance
    set keyLength = length (gEncryptKey)
    set strLength = length (str)

    repeat with i = 1 to strLength
       set keyIdx = i mod keyLength
       set tmp = numToChar ((charToNum (char i of str) + charToNum (char keyIdx of gEncryptKey)) mod 256)
       -- check if resulting string contains 0.
        -- if so, Director would truncate the string.
           if (tmp = numToChar (0)) then
               -- the escape code for a 00 char is 0102
              set tmp = numToChar (1) & numToChar (2)
              -- encode 01 as well to differentiate from encoded "0"s
             else if (tmp = numToChar (1)) then
                 set tmp = tmp & tmp -- the escape code for a 01 char is 0101
          end if
      set res = res & tmp
     end repeat
return res
end encrypt

on decrypt str
set res = ""
     -- first clean up escape codes
    set str = cleanEscape (str)
    set keyLength = length (gEncryptKey)
    set strLength = length (str)
    repeat with i = 1 to strLength set keyIdx = i mod keyLength
    set res = res & numToChar ((charToNum (char i of str)- charToNum (char keyIdx of gEncryptKey) + 256) mod 256)
    end repeat
return res
end decrypt

on cleanEscape str
     -- just replace every instance of 0101 by 01, and 0102 by 0
    set res = ""
    set strLength = length (str)
    repeat with i = 1 to strLength
      if (charToNum (char i of str) = 1) then
          if (charToNum (char i + 1 of str) = 2) then
              set res = res & numToChar (0)
             else if (charToNum (char i + 1 of str) = 1) then
             set res = res & numToChar (1)
          end if
      set i = i + 1
      else
      set res = res & char i of str
      end if
    end repeat
return res
end cleanEscape

To use the above handlers, first assign the encryption key of your choice to the global variable gEncryptKey. Then, at startup, call initCrypt (e.g., on StartMovie). To store an encrypted string to a V12 table, call:

mSetField(gT, "Account", encrypt(secretData))

To retrieve an encrypted string from a V12 table, call:
set x = decrypt (mGetField(gT, "Account", encrypt(secretData))
You can further enhance the strength of your encryption by creating an additional field in your table for the encryption key - as opposed to using the same global gEncryptKey for all fields and records. Thus, each record would be encrypted with a different key, making it harder to hackers to crack your algorithm.

Note

If you want to encrypt dates, floats or integers, convert them to strings first.



Article Details
Article ID: 108
Created On: 26 Sep 2006 02:34 PM

 This answer was helpful  This answer was not helpful

inm general footer
Services Xtras Go Products Support Gallery Store Download About Us Contact Newsroom