Hi Pedro,<br><br><div class="gmail_quote">On 17 May 2011 16:52, Pedro d&#39;Aquino <span dir="ltr">&lt;<a href="mailto:pedro.daquino@gmail.com">pedro.daquino@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hello,<br>
<br>
I&#39;m using Boost.MPL to obfuscate sensitive strings during compilation.<br>
I wrote a class called obf_string which can be used in the following<br>
way:<br>
<br>
obf_string&lt;&#39;my_d&#39;,&#39;atab&#39;,&#39;ase_&#39;,&#39;pass&#39;,&#39;word&#39;&gt; password;<br>
connect_to_db( password.unobfuscate() );<br>
<br>
If someone runs strings.exe on this executable, they will not see<br>
&quot;my_database_password&quot; listed there, because it has been XORed with a<br>
binary mask. This approach has several benefits over e.g.<br>
preprocessing all the source files with a tool that encrypts all<br>
strings. The most significant is that I can easily see and change the<br>
string.<br></blockquote><div><br>I don&#39;t know if this applies to you but... any halfway decent assembly language programmer with operating system expertise will be able to set a breakpoint for relevant O.S. or library calls. In Linux its even easier - use the strace command and it lists OS calls to stdout.<br>
<br>One place I worked at used the Windows registry to store ODBC and SQL parameters.<br><br>Just how hostile are you expecting the end users of your application to be?<br><br>HTH,<br><br></div><br>Ian<br clear="all"></div>
<br>-- <br>-- ACCU - Professionalism in programming - <a href="http://www.accu.org/">http://www.accu.org/</a> <br>