Hey,

I was hoping someone could help me with deciding the best way for me to do the following...

I have or rather will be making an application, this application will not be open source it will just be a exe file. The software is more a project management system that connects to a MySQL database to share information.

The information will be set by the manager of the project to connect to a certain database and then passed on with the .exe (the information being, MySQL server, user and password), obviously this information you do not want others, including anyone which is not a manager to see so i can not just stick the information in an XML file, nor could i just put it on the web in a text file.

What can i do to hide this information yet still use it?

Any ideas would be great.
Lee.

__________________

---

Hmmm...Here's a few suggestions, though I'm not a VB programmer:

1) Encrypt it using a password that you can setup on both ends.
2) If VB doesn't have an easy-to-use encryption function and it does have a hashing function, hash the password against a secret seed and use that with the One-time pad - Wikipedia, the free encyclopedia method. This assumes that your hashed code will be used only once, of course.
3) Failing the above 2 methods then ... Not totally sure as encryption is not available then. I can think about it more if you don't have the above 2 options and other suggestions are encouraged!

__________________
Jeremy Miller
Content Farmer - Optimized Automated Blog Posting

---

I have thought about hashing, the problem with hashing is if i hash it i can not use that value again, that value must be used by the program to access the database, as i have said the user would not know this password.

If i where to encrypt it couldn't someone just decrypt it?

__________________

---

I understand. What I was saying was to use the hash result as your key for encryption/decryption using the OTP method.

Yes, anything which can be encrypted can be decrypted if the key is available. That's why I suggested having the password setup on both ends -- then it is encrypted during transit.

__________________
Jeremy Miller
Content Farmer - Optimized Automated Blog Posting

---

Send out your application with a "shared secret". Your app and your website know how to decrypt values... but that's it. deep in your assembly lives the word "chicken-pox" and your website knows "chicken-pox" as well. Just use that value to decrypt and encrypt 256 over SSL.

__________________
Day Cares | Golf Courses | Disc Golf Courses | Campgrounds | Ice Rinks | Paintball Fields | Dentists | Plastic Surgeons | Aging Jokes
Catholic Churches | Lutheran Churches | Methodist Churches | Episcopal Churches | Clean Jokes

---

Thanks for your suggestions, could you possibly tell me or point me to a good source of how to communicate with a MySQL database using SSL from my application?

__________________

---

Never done that one myself. It'll be interesting to see what others suggest.

__________________
Jeremy Miller
Content Farmer - Optimized Automated Blog Posting

---

Well, it doesn't matter how you communicate or save - just make sure u got a legit cert (for SSL). Once you make the "secure" SSL handshake, just encrypt your SOAP values with your shared secret. Heck, you could even pass the shared secret encrypted with a diff shared secret - then you can have an easily instanlty changable encryption key... but anways, use SSL and encrypt your SOAP Values

__________________
Day Cares | Golf Courses | Disc Golf Courses | Campgrounds | Ice Rinks | Paintball Fields | Dentists | Plastic Surgeons | Aging Jokes
Catholic Churches | Lutheran Churches | Methodist Churches | Episcopal Churches | Clean Jokes

---

Well i am not sure i will be able to use this as i dont have a SSL cert, have you got any other ways of encryption?

__________________

---