Visual Basic Program

Discussion in 'Programming' started by Hecky, Mar 31, 2007.

0
  1. #1
    Hi,


    I just made a multiplication game, which uploads the scores to an FTP server and also saves on the hard disk.

    I am hoping that some of you would be so kind as to test it out, and If It works I might post it in the contests forum and award $5 to winner. It's taken me the whole day, and I thought it would only take an hour or so.

    Anyway, if you would like to download it, please PM me and tell me any faults.

    Also, is FTP secure in Visual basic, with no way to extract the password from it?

    Hecky
     
    Hecky, Mar 31, 2007 IP
  2. JenniP

    JenniP Peon

    Messages:
    250
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Is your password secure? Being brutal certainly not. If someone wants to get that password out of your application they will.

    Now how easy it will actually be will depends on several factors
    • Is it a web site or a downloadable EXE?
      If its a website someone will have to hack into your server to get the code, if its an exe download any hacker will have everything they need to extract the password. If it is web based the rest of the items don't really matter.
    • Is it written in classic VB or VB.NET
      If its Classic VB version 4, 5 or 6 it will be a bit more secure than VB.NET if its VB3 then its about as secure as VB.NET. Why? Because VB.NET and early versions of VB are not compiled into machine code, and this intermediate code is fairly easy to convert back into human readable code including your password.
    • Is the password encrypted within the code
      If the password is not encrypted, even if its properly compiled a quick scan through the EXE will find the password, if it is encrypted then someone can use a debugger to trace the code and extract the password
    • Is the password sent to the FTP server encrypted
      If the password is not sent to the FTP server encrypted you can get a localhost proxy which will capture the traffic between your application and your server.

    Then you get to what you can do with the password once you've extracted it, is the FTP server locked down, is the FTP server patched and free of any hacks etc etc, if you have access to the FTP server you will be able to upload anything increasing the possible chance of executing a hackers code on your webserver.

    You would be better off instead of using FTP, creating a web service instead, it will allow you to do the same but does reduce the chance of being compromised as any upload will go through your code which can do server side validation to ensure the uploads are what you expecting.

    Jen
     
    JenniP, Mar 31, 2007 IP