It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I have an application which I don't want people to access unless given explicit permission (via a password). More specifically, this application needs to be "locked" during certain hours of the day unless the user enters a password.
The ability to check the time is simple. The ability to lock the application is what I don't know how to do. The reason that this needs to be done is that the company doesn't trust the user to log out and doesn't want any unauthorized access to the application. This is meant as a sort of last measure just in case.
I didn't write the application though, so I cant embed a password into it. The machine has only one user and I don't want to create others. My user is an admin as well, therefore most options appealing to use of the os to provide security wont work.
Any ideas on how to accomplish this?
I'm dealing with Mac OS X but would prefer an OS independent solution. Any solution involving C or C++ is welcome.
Thanks!
How about you embed the app in an encrypted disk image bundle? As long as the only user that uses it never copies it from there and properly unmounts the bundle afterwards, i think it would accomplish what you want:
Create a new encrypted disk image (DMG) using Disk Utility (this allows you to enter a password), store it anywhere within the user's home directory.
Mount the DMG and place the app you're trying to protect inside it
Create an alias to the app within the mounted DMG and place it on the desktop
Unmount the DMG
After that, when the user double-clicks the alias on the desktop, the user is prompted for the DMG's password. If it's correct, the DMG is mounted and the app is started automatically and directly.
To auto-unmount afterwards perhaps you could script something that uses the diskutil shell command, like this: > diskutil unmount /Volumes/DMG_NAME
All you have to do then is:
remove any unencrypted copies of the app from the system
explicitly inform your user to unmount the DMG when he's done using the app (or script this to do it automatically)
explain to your fellow StackOverflowers what the actual issue is that you're solving. Msw has a point and I hope you can elaborate a bit.
Obviously with this set-up nothing's going to be 100% secure, but for casual users you can encrypt the application with the password, then write a launching application that decrypts and launches the application when the password is entered, and deletes the application when it quits.
#include <stdio.h>
#include <string.h>
char buf[BUFSIZ]
puts('what is the secret password? ');
fgets(buf, BUFSIZ, stdin);
if (strcmp('secret', buf)) exit(1);
Should work as well as anything else you might code, and has the advantage of simplicity and portability.
Related
A simple question. Is it possible to lock a directory under linux ? Actually what I need is that only one application (which I wrote) has an access to a specified directory which is created by this application. So basically it is a cache directory for that app and so-far users have been messing with it. so i wish to prevent this in future.
Is it possible to do this?? and how (language: c++)?
Not possible in standard C++ at all.
Under linux, use setuid permissions on the executable, so it runs in context of its owner. Then you can lock down access permissions for the directory, so it is only accessible to the owner of the executable.
Of course, this doesn't stop users using your program from messing with your cache. You need to design your program so it prevents inappropriate actions by users. And make sure the owner account (which can be set up specifically for your application) does not have more privileges than it needs.
If you trust people who have "root" permission on the system(s) that this is installed on, you can rely on having a special user or group, and use setuid and/or setgid to prevent others from tampering with the file. This does, however, mean that the installer of the software will need to have root permission, so "any" user can't install the software, which in some circumstances may not be a good solution.
The better solution is really to either have a hash of the file stored in the file [plus some constant data or some such, so that the user can't just run sha1 modified-file and get the "right hash"], or encrypt the whole file.
The problem with BOTH of these methods is that you still can't rely on it 100% - someone with enough motivation and resources will figure out what the constant data is, and just calculate that as new hash after modifying the data in your file. And similarly, assuming your application knows how to decrypt the file, the application can be reverse engineered to find the encryption key and encryption method.
So you are fighting a "code war" (pun on cold war) against your "users".
There are commercial solutions available for license management (and that I have been the user of is FlexLM, but there are several others too). This is a little more work, and will probably cost a little bit in license fees, but you will save yourself a whole heap of potential headache if you use a commercial product.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I am developing a web interface for a C++ application that runs on an embedded system.
I was wondering if it was possible to make a web interface that could be used to manage (set and get values) and display data provided by the application. (Something like Nagios.)
My question is: is there any technology that allows me to "communicate" between the Web interface and the C++ application?
Keep in mind that I have to do this on an embedded system, so I can't use frameworks or other things that are too heavy.
The Web Interface has to be outside the C++ Application (I don't want to code the interface in the C++ Applicaiton).
My idea was to use HTML5 and Javascript for the Web Interface, the web server which i will use is also lightweight (nginx).
If someone could give me any pointers it would be nice. Thank you in advance.
So you need two things: a local interface your web page can use to configure the C++ app, and the web page itself.
There are a few common mechanisms for such local interfaces:
modify a config file, and send SIGHUP to make the application re-read it
advantage is that you can test (and use) it directly from a shell, independently of the web interface
also note that changes persist automatically
disadvantage is that you need some scheme for storing a "last good" config file in case the edited one is damaged
use a local streams socket and simple protocol (either a UNIX socket if supported, or a localhost:port loopback-only TCP socket)
advantage is that you don't touch (and possibly damage) the config file(s)
disadvantages are that you then need some other way of persisting changes, if you want to, and that you have to write this protocol in the first place
note that so long as the protocol is text-based and not binary, you can at least still test it with telnet or netcat, so you can still use it directly from the shell
simple protocol like set variable=value, get variable etc. shouldn't be too hard
If you really want to decouple the web and C++ applications, make sure you can query the available options, ideally giving types, valid ranges and groups for them. Then, you can avoid re-coding the web page every time you add or modify an option.
You can manage that with magic comments in a config file (make sure nothing is silently defaulted with no comment), or with a list command to the stream socket.
With a bit of effort, you can probably build your grouping, data type and validation constraints into the type system of your C++ application, so both the local interface and web app can be driven automatically.
If you drop the requirement that the web server be in a different process, there are a bunch of solutions
lightweight web servers
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I need a variable which will contain the best player's score in C++ . So I need something which will not be erased after the program ends and every time when someone gets a higher score that variable must be replaced with a new one . I know that I can save that number in .txt file , but I would like to know if there is an alternative way ?
You could using something like OpenKeyval.
Setting the highscore would be a POST request:
$ curl http://api.openkeyval.org/highscore -d "data=1000"
Getting the highscore is a GET request:
$ curl http://api.openkeyval.org/highscore
1000
One alternative is to store it in a SQLite database. That way you've got the flexibility of a database without needing to run or connect to a server.
You have three main options that I can think of:
1.) Store it in a file
2.) Store it in the registry (http://forum.codecall.net/topic/63205-registry-operations-using-win32-part-1/)
3.) Store it on a server online that you can read or write to
The most generic and "portable" way is to store it in a text file. Of course, that is also open to abuse, someone can open the file in notepad and change the score from 1234 to 999999, or similar.
Storing in a binary file will work, but is sensitive to machine architecture and size of the variable.
Windows has a "registry", which can be used to store strings or binary data, similar to files. But obviously won't work if you decide to move your game to Linux, for example.
If you want to keep track of all scores for all games played, a database may be a better solution than a simple file. There are databases for "local use", such as SQLite or MySql that you can run on your own machine (MySql will also run over network and can be centralized to a set of machines on the same network, and it used for a vast number of web-based applications).
And you could set up a (or use some existing) website, and use program driven web-access to store and restore the values. Or you could store a file on an FTP server, which is pretty much the same as web-access, but a little more "messing about" to configure and set up (and potentially more difficult to get through certain firewalls). Of course, if you want to have a "world-wide" top score, personal stats for each player, etc, then a web-based solution is probably the right way to go - but would also need a bit of security to prevent someone from just faking the score.
All choices have their benefits and drawbacks. Which is YOUR best choice really depends on what your ultimate goal is with your game. If it's simply a case of "Let's make a little game of tetris at home for myself and my friends to play", then it's probably not a big deal to keep the score in a text file. If you are looking for the next generation of World of Warcraft or some such, then web-based is almost certainly the ONLY solution.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
Can someone give me some guidance on my problem - I am writing a game (CryEngine) and I need to know how to send data - including usernames and passwords to a server where they can be stored in a database and shown on a webpage displaying the players "stats". I'd like to start with the usernames and passwords as they are the most paramount that I get right, the other stuff really doesnt have to be encrypted. Although, it might make it a bit harder for hackers to alter their stats.
So how would I approach doing this? I know my way around C++ and I have been using it for a while, I have already built a system that stores and captures the player's kills and XP etc. but this bit sounds more tricky. It sounds like I'm going to make heavy use of BOOST and possibly OpenSSL, but having never used these libraries before or having to make a secure system, I'm slightly confused. Any help or general directions are greatly appreciated!
Open SSL sounds solid, have a look here: http://www.ibm.com/developerworks/linux/library/l-openssl/index.html .
You can use almost every crypting library for this (better not writing your own stuff) but since it is client/server anyway, using a protocol/system that was designed to do exactly this, your best bet is openSSL.
The rest is a secured server with some sort of application running on it (Java EE) and handling the entries in some sort of database.
Then choose some web-language of your preference to retrieve database entries.
PS: dont do it live (eg. every headshot is an entry) but transmit the final results of a round, or once every X minutes.
I suggest using HTTPS.
Link against libcurl and with a few cookbook examples from the net you can have your client portion ready in a couple of minutes or hours. Fiddling with OpenSSL by hand could take days or weeks if you are new to it.
For the server part you can use your game's existing web server. Your game is going to have a web site, isn't it? The users will be able to access their stats via their web browsers too.
If you want to protect the score update mechanism, use regular cryptography API like crypt and a key hidden in the code to obfuscate/deobfuscate the player's score update password. It's obfuscation, not encryption, since the key ultimately resides on the client machine and can be recovered with a debugger.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I am working on a project with qt, I need to save data(file path and password) permanently so I can get it or modify it any time even when I exit my application and rerun it.
I thought to solve it with an encrypted xml file but I want to do it without trace.
You either use a file or some other platform specific database mechanism, like Windows' registry. But then it would leave a trace; you can't hope to store something locally and don't leave a trace without rootkiting the operating system (and even that would leave a trace in the hardware, after all, you are writing your data to the drive).
One thing you can hope to do without leaving a trace, is to store the data remotely in some server via the network, since network activity usually is not logged (but can be observed), but I can see 2 problems with this approach:
1) it may be pose some privacy concern to your user (if I were an user of your application, I would not like too see my data sent over the wire to an unknown server);
2) how could you identify the information so that you can retrieve it? You could use some hash with the user name and computer hard drive id and network interfaces MAC adresses, but if some of these change, the data would be lost. You could also generate an unique id for each installation of your application, but it would require you to store that ID locally, and that would be a trace.
Local cryptography to prevent reading/tampering with the data is inherently insecure, because you will need to have some repeatable mean to retrieve the key. How would you do it? If you simply hardcode it in your application, it is easily retrievable by some binary file reader. It can't be on a file named 'key.txt', for obvious reasons. You can compute it at runtime with some complicated algorithm, but you will always need to have it loaded into memory at some point, from where it can be retrieved by someone willingly enough.
It is certainly not possible to save something on the computer without a trace. Everything is visible to root user.
But if you do not want to let others to change it, you can encrypt it, hide it and set it read-only and root edit permission only. But not to let any one find it is impossible. (are you trying to make a virus?) Even if you put in the BIOS, there is way to find it.