TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
robertkjr
NA
61
0
C# & VB.NET RANT!
Nov 19 2004 11:14 AM
The .EXE files... Have you ever opened them in notepad? You can view every text variable set in your program! How can Microsoft compile them this way?? Steps to reproduce this security hole: 1) Create a program in .NET and compile it to EXE. Program needs to have at least this in it: string t; t = "hello I'm a security hole"; 2) Open Notepad 3) Turn the wordwrap on. 4) Open the EXE file created by .NET (or maybe even earlier compilers) in notepad. 5) Scroll down a ways till you get to this section where there are a list of variable names. 6) Just passed that is the variables contents listed in order double spaced. So the above example would look like this in the EXE file - h e l l o I ' m a s e c u r i t y h o l e Say you have a password that you set... which obviously is not a thing to do anymore ever. password = "password"; You could search in your exe file, and find 'p a s s w o r d' Isn't that crazy? Why I say... Why!? The problem in my case, is that I have a program with lots of database calls. Well these calls I use a cmdStr = "Select whatever from whatever" Well that ends up in the exe file as plain text double spaced. I don't want anybody seeing that stuff!
Reply
Answers (
4
)
IPAddress.HostToNetworkOrder ?
Excel using ado.net - operation must use an updateable query