[yunqa.de] Re: Database password
- From: Delphi Inspiration <delphi@xxxxxxxx>
- To: yunqa@xxxxxxxxxxxxx
- Date: Thu, 21 Oct 2010 14:11:44 +0200
On 20.10.2010 17:10, Radovan Antloga wrote:
> I'm testing my app's for migration to D2010.
> I have noticed that Password property can't
> be stored in DFM.
The TDISQLite3Database.Password property is stored well with all Delphi
versions up to Delphi 2007. Only Unicode Delphis, starting with Delphi
2009, have a problem storing this property. This results from the fact
that the password's type is RawByteString with these versions instead of
AnsiString. This suppresses Delphi's automatic character set conversion
which could result in accidental password corruption.
Strangely, in my opinion, Delphi never streams RawByteString properties.
This is apparently by design, as was revealed by the Delphi forums
discussion when the issue became known first.
> If it can't be stored maybe it should not be published (I see it is
> AnsiString).
For incompatibility reasons, it is too late to withdraw the
TDISQLite3Database.Password published visibility now.
Unfortunately, I am not aware of any workaround to Delphi's streaming
system which allows to save a RawByteString so it can be read back as
AnsiString by older Delphi versions.
Having said that, it is not recommended to save any password in
application's forms for security reasons. Password should be entered by
users, if at all possible.
If you your application needs to open an encrypted database
automatically, please assign the TDISQLite3Database.Password in code. I
also suggest to xor or crypt the password so that its raw text is not
contained in the executable. However, please know that this is still
very unsafe and not recommended!
Ralf
_______________________________________________
Delphi Inspiration mailing list
yunqa@xxxxxxxxxxxxx
//www.freelists.org/list/yunqa
Other related posts:
