root/admin and client users in an application
on 06.10.2006 21:12:56 by onetitfemme
I need to secure an application somewhat and I am trying:
..
1._ for the source/app executable code not to be viewed/hacked
..
2._ to not store passwords or user names of any kind. They must not be
permanently stored by the application
..
2.1_ user would just enter their login info at the command prompt
nothing is stored in a file so that dictionary attacks aren't possible
..
3._ for the application to pretty much take care of security itself
not the OS
..
I am a coder and don't know much about the details of how to
approach such a problem
..
How would you? Any leads?
..
Thanks
onetitfemme
Re: root/admin and client users in an application
on 06.10.2006 21:20:24 by FrozenNorth
onetitfemme came down from the mountain with the following on a stone
tablet:
> I need to secure an application somewhat and I am trying:
> .
> 1._ for the source/app executable code not to be viewed/hacked
> .
> 2._ to not store passwords or user names of any kind. They must not be
> permanently stored by the application
> .
> 2.1_ user would just enter their login info at the command prompt
> nothing is stored in a file so that dictionary attacks aren't possible
> .
> 3._ for the application to pretty much take care of security itself
> not the OS
> .
> I am a coder and don't know much about the details of how to
> approach such a problem
> .
> How would you? Any leads?
Store pairs of hashes, pick the best algorithm you can get code for, or roll
your own.
--
Froz....
Bridge ahead. Pay troll.
Re: root/admin and client users in an application
on 07.10.2006 05:31:17 by Dustin Cook
"onetitfemme" wrote in
news:1160161976.117614.326310@m73g2000cwd.googlegroups.com:
> I need to secure an application somewhat and I am trying:
> .
> 1._ for the source/app executable code not to be viewed/hacked
Impossible to achieve...
> 2._ to not store passwords or user names of any kind. They must not be
> permanently stored by the application
I don't see any problem here...
> 2.1_ user would just enter their login info at the command prompt
> nothing is stored in a file so that dictionary attacks aren't possible
This could be a problem. How would you intend to retrieve the login data
for verification?
> .
> 3._ for the application to pretty much take care of security itself
> not the OS
What sort of security?
--
Dustin Cook
Author of BugHunter - MalWare Removal Tool
web: http://bughunter.it-mate.co.uk
email: bughunter.dustin@gmail.com.removethis
Last updated: October 6th, 2006
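Added example, not part of any post in this thread: one way to satisfy requirement 2 and still answer the verification question above is to store only a pair of derived values per account, a keyed hash of the username and a salted, slow hash of the password. `SITE_KEY`, the function names and the in-memory `store` are assumptions for illustration, and PBKDF2-HMAC-SHA256 from Python's standard library is used as the hash.

```python
import hashlib
import hmac
import os

# Assumption: a per-installation secret, generated here for the demo.
# A real deployment would load it from protected configuration.
SITE_KEY = os.urandom(32)
ITERATIONS = 600_000  # work factor: every dictionary guess costs this much


def user_tag(username: str) -> bytes:
    """Keyed hash of the login name, so no readable username is stored."""
    return hmac.new(SITE_KEY, username.encode(), hashlib.sha256).digest()


def password_hash(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(store: dict, username: str, password: str) -> None:
    """Store only the pair (user tag -> salt, password hash)."""
    salt = os.urandom(16)
    store[user_tag(username)] = (salt, password_hash(password, salt))


# Dummy record used for unknown users so they cost the same work as known
# ones; the random "hash" matches no real password.
_DUMMY = (os.urandom(16), os.urandom(32))


def verify(store: dict, username: str, password: str) -> bool:
    """Recompute the hashes from what the user typed and compare."""
    tag = user_tag(username)
    salt, expected = store.get(tag, _DUMMY)
    candidate = password_hash(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected) and tag in store


if __name__ == "__main__":
    store = {}
    enroll(store, "alice", "correct horse")           # constructed sample
    print(verify(store, "alice", "correct horse"))
    print(verify(store, "alice", "guess"))
    print(verify(store, "mallory", "correct horse"))
```

The salt and work factor raise the cost of a dictionary attack on a copied store; they do not make one impossible, so password strength still matters.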
Re: root/admin and client users in an application
on 08.10.2006 05:27:34 by Rhino 007
Dustin Cook wrote:
>
> > I need to secure an application somewhat and I am trying:
> > .
> > 1._ for the source/app executable code not to be viewed/hacked
>
> Impossible to achieve...
Dustin,
I'm just curious about this. I assume this is because the executable
can be disassembled
and the assembly code can be read.... So even if you could encrypt the
executable, and still have it execute you could simply cause it to dump
core, and read the corefile.... Or if you had the executable
firewalled, and protected on the remote server by the best firewalls
available
once the program ran on your computer locally, once again you could
crash it and read the corefile... correct?
Rhino
Re: root/admin and client users in an application
on 09.10.2006 15:02:32 by Dustin Cook
"Rhino 007" wrote in news:1160278054.829972.9000
@i3g2000cwc.googlegroups.com:
>
> Dustin Cook wrote:
>
>>
>> > I need to secure an application somewhat and I am trying:
>> > .
>> > 1._ for the source/app executable code not to be viewed/hacked
>>
>> Impossible to achieve...
>
> Dustin,
>
> I'm just curious about this. I assume this is because the executable
> can be disassembled
> and the assembly code can be read.... So even if you could encrypt the
> executable, and still have it execute you could simply cause it to dump
> core, and read the corefile.... Or if you had the executable
I'm not sure about dumping core, but given enough time with the proper
tools one could disassemble the executable, yes.
> firewalled, and protected on the remote server by the best firewalls
> available
If it's going to run on the client pc, assuming it is actually running on
the client pc, the firewall becomes a moot point... However, if you're
doing something like vnc, and it's not actually running on the client,
and the client has no direct access to the program, then you could say
it's fairly safe from being cracked/examined, yes.
> once the program ran on your computer locally, once again you could
> crash it and read the corefile... correct?
The goal isn't to crash the program if at all possible, the goal or idea
rather is to trace the program's calls as it runs.
--
Dustin Cook
Author of BugHunter - MalWare Removal Tool
web: http://bughunter.it-mate.co.uk
email: bughunter.dustin@gmail.com.removethis
Last updated: October 6th, 2006