Preventing substack from being opened

Posted: Thu Sep 12, 2019 4:22 pm
by oldummy
I have a mainstack that has one substack with sensitive information in it. The mainstack can open, but one cannot proceed to the substack without the correct password.
Even though it is encrypted, I would feel more comfortable if there was absolutely no way someone could open the substack through livecode.
I seem to remember something about using "stackfiles". I've been years away from this, sorry.

Re: Preventing substack from being opened

Posted: Thu Sep 12, 2019 4:29 pm
by bogs
oldummy wrote:
Thu Sep 12, 2019 4:22 pm
I would feel more comfortable if there was absolutely no way someone could open the substack through livecode.
I don't think there is any way to make a 100% lock.

Re: Preventing substack from being opened

Posted: Thu Sep 12, 2019 4:59 pm
by dunbarx
Anyone know if a separate password protected stack is more secure than a password protected subStack?

Craig

Re: Preventing substack from being opened

Posted: Fri Sep 13, 2019 7:22 pm
by jacque
dunbarx wrote:
Thu Sep 12, 2019 4:59 pm
Anyone know if a separate password protected stack is more secure than a password protected subStack?
I doubt there's a difference. The only unique thing about a substack is that it's inside the same file on disk. But it acts the same either way.

If a user has access to the IDE there's no good way to prevent the stack from being accessed, though they can't view the scripts. However, you could store the binary stack as a custom property and only extract it when you need to. I've done this.

1. During development, save the stack to disk. Then set a custom property to url ("binfile:" & <path to file>). The binary file is now a custom property.
2. When you want to work with the stack, write the custom property to an obscure location and open it from there. I use tempName() to get a unique file name. The temporary file location is fairly obscure and on OS X is not easily accessed by users. Since your scripts are encrypted, users won't even know they should look.
3. When you're done with the stack, save it (to the temp file) and then put the binary file back into the custom property, and delete the temp file.

If you only want to read the stack and not save any changes, you can just open it directly from the custom property without saving to disk first:

  put the cProp of this stack into tSubStack
  go stack tSubStack
This is about as good as it gets. Anyone who has tools that can read the contents of memory will see it anyway; you can't prevent that.

Re: Preventing substack from being opened

Posted: Fri Sep 13, 2019 7:35 pm
by richmond62
no good way to prevent the stack from being accessed, though they can't view the scripts
So, store your sensitive information in a script of an object on the substack. :D

Re: Preventing substack from being opened

Posted: Fri Sep 13, 2019 10:54 pm
by FourthWorld
If you read the stack file and encrypt it before storing it in a custom prop, you can use a password stored in an encrypted script in the mainstack for reasonable security.
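
The store-and-extract procedure from jacque's post combined with the encryption step suggested above, as an added LiveCode example that is not part of any post in this thread. The stack names "Main" and "Vault", the property name cVault, the handler names and the aes-256-cbc cipher choice are assumptions.

```livecode
-- Added example. Assumed names: stack "Main" (mainstack holding these handlers),
-- stack "Vault" (the protected stack), custom property cVault, caller-supplied pPass.

-- Development time: encrypt the saved stack file and embed it in the mainstack.
command vaultStore pPath, pPass
   local tData
   put url ("binfile:" & pPath) into tData
   if the result is not empty then return "read failed:" && the result
   encrypt tData using "aes-256-cbc" with password pPass
   if the result is not empty then return "encrypt failed:" && the result
   set the cVault of stack "Main" to it
   save stack "Main"
   return empty
end vaultStore

-- Read-only use: decrypt in memory and open the stack without writing to disk.
command vaultOpenReadOnly pPass
   local tStackData
   decrypt the cVault of stack "Main" using "aes-256-cbc" with password pPass
   if the result is not empty then return "decrypt failed:" && the result
   put it into tStackData
   go stack tStackData
   return empty
end vaultOpenReadOnly

-- Editing: decrypt to a temporary file and open it; returns the path, or empty on failure.
function vaultOpenForEdit pPass
   local tPath
   decrypt the cVault of stack "Main" using "aes-256-cbc" with password pPass
   if the result is not empty then return empty
   put tempName() into tPath
   put it into url ("binfile:" & tPath)
   go stack tPath
   return tPath
end vaultOpenForEdit

-- Done editing: save, close, re-encrypt into the property, delete the plaintext file.
command vaultClose pPath, pPass
   save stack "Vault"
   set the destroyStack of stack "Vault" to true
   close stack "Vault"
   vaultStore pPath, pPass
   if the result is not empty then return the result -- keep the file so edits survive
   delete file pPath
   return empty
end vaultClose
```

While the stack is open for editing, the decrypted copy sits in the temporary file, so the read-only handler is the better choice whenever no changes need to be saved.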

Re: Preventing substack from being opened

Posted: Sun Sep 15, 2019 4:52 pm
by oldummy
Thank you all.