Change a Password

**bobbie** · 01-17-2007, 08:09 AM

Sqlite, registry, ini file.
All I can think of right now.

**TristanD** · 01-17-2007, 12:14 PM

hi, A-SRC

Gimme ya project.. i'll fix it

(I;ve recently applied this to a project of mine )

**AlexSugar** · 01-18-2007, 05:06 AM

Hi Tristan,

It's a little bit impossible right now to send you my project. Me and Mr. RizlaUK do different tasks with my project. So, make a little example with 2 Pages : On the first page - A dialog object with an password (which locks the access to the next page). And on the second page you can change the password...

PS.: You will be added to my support-team list too. You helped me much!
Thank you.

**TristanD** · 01-18-2007, 08:10 AM

the example will be using the registery for the password but the pass isn't readable from the reg

** working on it right now **

**AlexSugar** · 01-18-2007, 08:40 AM

Hmm... Seem to be cool

So if I create or change the password, the application creates a reg file to the system, right?

Then it's excellent!

**TristanD** · 01-18-2007, 08:41 AM

this project is just to broken right now .. :(:(

Attached Files

Password-TristanD.apz (12.1 KB, 83 views)

**TristanD** · 01-18-2007, 08:50 AM

here is a diffrent project of mine that uses a password protection...

take a look at the startup code

Attached Files

Save-Notes-2007-TristanD.apz (27.0 KB, 81 views)

**TJ_Tigger** · 01-18-2007, 09:02 AM

The registry is not the safest place to store information like passwords. Especially in a format that can be decrypted. If you must store an encrypted version of a password in the registry I would suggest using an MD5 hash and adding random characters to it at either the beginning or end to make it more secure. This is to defeat some of the MD5 dictionary *****ers that are out there.

Based on the code in your First Project all I would have to do is delete the registry entry and it would appear as if it is a first run and I could enter my own password to get around it.

I don't have any better suggestions than the above to help in securing the app, maybe others will chime in. I would recommend MD5 over other encryption decryption formats. You may also want to see about putting a file in the directory of the app that identifies whether or not a password has been set and if it has and the registry is empty then tell them they are doing a bad thing. Just a thought

Tigg

**AlexSugar** · 01-18-2007, 09:11 AM

Tristan, Save Notes 2007 seems to be good for me, but it really working bad... Even if I enter your Password-TristanD he has some syntax errors

**TristanD** · 01-18-2007, 09:12 AM

syntax errors?

**AlexSugar** · 01-18-2007, 09:14 AM

TJ_Tigger thank you for your suggestion, but I don't need to protect the secret information. It's just a little protection of the hidden page, where you can make some changes in the application. I think nobody will mess with it, because it is much easier to download the full version of the application and get your own password (in the future).

**TristanD** · 01-18-2007, 09:17 AM

Save Notes has no syntax errors........

Suga, This is a little complicated password protect.. For easy use.. (modify it to suit your needs)

Code:

sn_reg_entry = Registry.DoesKeyExist(HKEY_CURRENT_USER, "Software\\Save Notes 2007");
if sn_reg_entry == false then
Registry.CreateKey(HKEY_CURRENT_USER, "Software\\Save Notes 2007");
def_key_prompt = Dialog.Input("Please Enter a default Encryption key", "Enter Default Key below. The Encryption key you enter below will be used for encryption everything you save with this program. If you lose this key you will not be able to read or save files.", "", MB_ICONQUESTION);
crypt_def_pw = Crypto.BlowfishEncryptString(def_key_prompt, "def_key_prompt", 0);
	if def_key_prompt ~= "CANCEL" then
	Registry.CreateKey(HKEY_CURRENT_USER, "Software\\Save Notes 2007\\def_key");
	Registry.SetValue(HKEY_CURRENT_USER, "Software\\Save Notes 2007", "def_key", crypt_def_pw, REG_SZ);
	elseif def_key_prompt == "CANCEL" then
	Registry.DeleteKey(HKEY_CURRENT_USER, "Software\\Save Notes 2007");
	Application.Exit(0);
	end
else
	reg_get_key = Registry.GetValue(HKEY_CURRENT_USER, "Software\\Save Notes 2007", "def_key", false);
	decrypt_def_pw = Crypto.BlowfishDecryptString(reg_get_key, "def_key_prompt");
	def_key_input = Dialog.Input("Enter Your Encryption Key", "Enter the Encryption key you specified on first application start.", "", MB_ICONQUESTION);
	if def_key_input ~= "CANCEL" then
	def_key_check = String.Compare(decrypt_def_pw, def_key_input);
		if (def_key_check == -1) then
		def_key_error = Dialog.Message("Oops", "You did not supply the right encryption key, Program will close now", MB_OK, MB_ICONINFORMATION, MB_DEFBUTTON1);
		Application.Exit(0);
		elseif (def_key_check == 1) then
		def_key_error = Dialog.Message("Oops", "You did not supply the right encryption key, Program will close now", MB_OK, MB_ICONINFORMATION, MB_DEFBUTTON1);
		Application.Exit(0);
		end
	elseif def_key_input == "CANCEL" then
	no_key = Dialog.Message("Oops", "You did not enter a encryption key, Program will close now", MB_OK, MB_ICONINFORMATION, MB_DEFBUTTON1);
		if no_key ~= "OK" then
		Application.Exit(0);
		end
		
	end
	
end

**AlexSugar** · 01-18-2007, 09:18 AM

Yes,
first, I fixed a little error (you forgot an "end" on startup script) and now I get this one:

On Startup Line 7: attemp to index global "pw_input"

I meant you PASSWORD-TRISTAND

Not Save-Notes-2007 , sorry :lol

**AlexSugar** · 01-18-2007, 09:23 AM

Tristan,
I'll better use your Save-Notes-2007 script, seems to be better for my project!

Change a Password

Change a Password

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment