C++ string protection using Mysql Connector

1

I made a little program to check my database, and wanted to see whether the strings (the user password and the database) were protected, and in this case they are not. I decompiled the program using IDA Pro and discovered that the strings and information are not protected.

Code in question

con = driver->connect("localhost", "root", "aaasd");

Image of the decompiled code.

Decompiled program

Can those strings be protected? Does the Connector have some function for string protection (because I didn’t find one)?

And what would you, the community, recommend to protect my program (I’ve already looked at some .NET blinders)?

I remember in C# it protected these strings.

The program is for distribution and let’s say that its consumer base is not pleasant, and most likely they will try to decompile the program...

1 answer

2


So there is no solution (that way). If people are able to decompile (and it can always fall into the hands of those who can), they are able to decrypt something that needs a key and an algorithm running in the application. But they won’t even bother to check it; they will just see where it is decrypted and get the password in plain text.

The only solution is not to put the password anywhere accessible to people. Either use access integrated with the operating system, or integrated with the database (someone will have to enter a password), or leave the application in a place that people do not access, or make a server application that is accessible without a password and that accesses the database (of course, it will have to control access on its own).

There is no safe solution for a wrong architecture.

  • The thing is that anyone can download the program without restriction... I do not think it is a problem that the code can be accessed, but the database password is. In C#, the MySQL library hid this string in case of decompilation; doesn’t it have a similar method in C++?

  • 1

    It’s not C# that provides security, it’s the operating system, it just makes it easier. So that’s what I said, there’s a way, but you have to delegate it to the operating system to do this. But still it doesn’t mean that it’s 100% safe since everything is in the person’s computer, it can even go over the operating system.

  • It’s true there’s a way, but it crosses the line for me, you know? type in my head if it is to decompile the program (which is already little known the technique) is worth it (thinking of the head of crazy) but if it is to go over the operating system to decompile not.

  • Do you have some reference for this function that is called in MySQL, and whether I can use it?

  • 1

    It’s possible to encrypt, but it doesn’t solve the problem. What exists, and I do not know how effective it is, is complete encryption of the connector itself, but it is only available in the paid version.
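
The question's finding, that the arguments of connect() sit verbatim in the executable, can be turned into a pre-release check on the build artifact. This is an added example, not code from the original posts; the function names and the sample bytes are constructed for illustration, and only the literal "aaasd" comes from the question.

```cpp
// Added example (not from the original posts): flag secrets stored as plain literals.
#include <cctype>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>
#include <vector>

// Runs of printable ASCII of at least min_len bytes, the way strings(1) finds them.
std::vector<std::string> printable_runs(const std::string& image, std::size_t min_len = 4) {
    std::vector<std::string> runs;
    std::string cur;
    for (unsigned char c : image) {
        if (std::isprint(c)) { cur.push_back(static_cast<char>(c)); continue; }
        if (cur.size() >= min_len) runs.push_back(cur);
        cur.clear();
    }
    if (cur.size() >= min_len) runs.push_back(cur);
    return runs;
}

// Every deny-listed secret that occurs inside some printable run of the image.
std::vector<std::string> leaked_secrets(const std::string& image,
                                        const std::vector<std::string>& secrets) {
    std::vector<std::string> hits;
    const std::vector<std::string> runs = printable_runs(image);
    for (const std::string& s : secrets)
        for (const std::string& r : runs)
            if (!s.empty() && r.find(s) != std::string::npos) { hits.push_back(s); break; }
    return hits;
}

// Constructed sample: bytes shaped like the read-only data of the question's build.
std::string sample_image() {
    static const char bytes[] = "\x7f" "ELF\x01\x00" "localhost\x00" "root\x00" "aaasd\x00" "\x90\x90";
    return std::string(bytes, sizeof(bytes) - 1);
}

// With a path argument, scan that file; otherwise scan the constructed sample.
int main(int argc, char** argv) {
    std::string image = sample_image();
    if (argc > 1) {
        std::ifstream f(argv[1], std::ios::binary);
        image.assign(std::istreambuf_iterator<char>(f), std::istreambuf_iterator<char>());
    }
    const std::vector<std::string> hits = leaked_secrets(image, {"aaasd"});
    for (const std::string& s : hits) std::cout << "secret literal in image: " << s << "\n";
    return hits.empty() ? 0 : 1;
}
```

A clean result only shows that no secret is stored as a plain literal. As the answer says, a secret that is encoded while its key and algorithm ship in the same binary is still recoverable, so the check supports moving the credential out of the client rather than hiding it.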
