Issue: 14.3 (May/June 2016)
Author: Marc Zeedar
Author Bio: Marc taught himself programming in high school when he bought his first computer but had no money for software. He's had fun learning ever since.
Article Length (in bytes): 13,378
Starting Page Number: 64
Article Number: 14308
14308project.zip Updated: 2016-05-02 11:16:06
Excerpt of article text...
Security in your apps is complicated. At least real security. But there are some things you can do to help make it harder for crackers. If you use a string in your Xojo app (e.g. "MySecretPassword") that text will show up as plain text in your app—easily searchable by anyone.
A simple solution is to hide—obfuscate—strings in your application. Not all strings, but important ones you don't want hackers or even your users accidentally discovering, such as serial numbers of third-party code modules, secret information related to your registration system, salts (https://en.wikipedia.org/wiki/Salt_(cryptography)), email addresses, phone numbers, and so on.
You might assume you could just encrypt such information—but then how would your app know how to decrypt it without a key? That key would have to be hidden in your app somewhere... which isn't secure.
The trick then is to obscure the information. Note that this isn't foolproof. A determined hacker might still be able to reverse engineer your scheme. But that's unlikely unless your app is a prominent target for some reason.
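The following Python sketch is an added example, not code from the article or its project file: as a post-build check it scans a constructed byte blob for a sensitive literal in UTF-8 and UTF-16LE, and it shows that a masked copy passes the scan yet is restored from bytes that ship in the same file. The blob layout, the XOR mask and the key are assumptions made for illustration and are not the article's obfuscation routine.

```python
# Added example: audit a build artifact for sensitive string literals.
# Every blob, the key and the layout below are constructed samples.
SECRET = "MySecretPassword"             # literal quoted in the article
KEY = bytes([0x5A, 0xC3, 0x17, 0x88])   # constructed key (assumption)


def xor_mask(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, a stand-in mask; applying it twice restores data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def find_literal(blob: bytes, text: str) -> list[tuple[str, int]]:
    """Return (encoding, offset) for each verbatim copy of text in blob."""
    hits = []
    for enc in ("utf-8", "utf-16-le"):  # common encodings for string constants
        needle = text.encode(enc)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((enc, pos))
            pos = blob.find(needle, pos + 1)
    return hits


def build_plain() -> bytes:
    """Constructed 'binary' storing the secret as-is in two encodings."""
    return (b"\x7fBIN\x00\x01" + SECRET.encode("utf-8") + b"\x00\x00"
            + b"\x90" * 4 + SECRET.encode("utf-16-le") + b"\x00\x00")


def build_obfuscated() -> bytes:
    """Constructed 'binary' holding the key and the masked secret instead."""
    return b"\x7fBIN\x00\x01" + KEY + b"\x00" + xor_mask(SECRET.encode(), KEY)


def recover(blob: bytes) -> str:
    """Undo the mask using only bytes that ship inside the blob itself."""
    key, masked = blob[6:10], blob[11:]
    return xor_mask(masked, key).decode("utf-8")


if __name__ == "__main__":
    print(find_literal(build_plain(), SECRET))       # [('utf-8', 6), ('utf-16-le', 28)]
    print(find_literal(build_obfuscated(), SECRET))  # []
    print(recover(build_obfuscated()))               # MySecretPassword
```

Run against a real build, find_literal gives a quick regression check that a literal you meant to hide has not reappeared in clear text; an empty result means only that the string is not stored verbatim.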
So today we're going to explore a little obfuscation routine I've created. Note that I make no claim to be a security expert and I can't vouch for the security of this particular algorithm—and the fact that it's been published in a magazine means you shouldn't use it exactly as-is. You'll want to tweak it and modify it in a unique way for your own use. More on that later.
The Obfuscate Algorithm
...End of Excerpt. Please purchase the magazine to read the full article.