Preventing substack from being opened

Got a LiveCode personal license? Are you a beginner, hobbyist or educator that's new to LiveCode? This forum is the place to go for help getting started. Welcome!

Moderators: Klaus, FourthWorld, heatherlaine, kevinmiller

Post Reply
oldummy
Posts: 5
Joined: Mon Jun 13, 2016 3:21 pm

Preventing substack from being opened

Post by oldummy » Thu Sep 12, 2019 4:22 pm

I have a mainstack that has one substack with sensitive information in it. The mainstack can open, but one cannot proceed to the substack without the correct password.
Even though it is encrypted, I would feel more comfortable if there was absolutely no way someone could open the substack through livecode.
I seem to remember something about using "stackfiles" I've been years away from this, sorry.

bogs
Posts: 3688
Joined: Sat Feb 25, 2017 10:45 pm

Re: Preventing substack from being opened

Post by bogs » Thu Sep 12, 2019 4:29 pm

oldummy wrote:
Thu Sep 12, 2019 4:22 pm
I would feel more comfortable if there was absolutely no way someone could open the substack through livecode.
I don't think there is any way to make a 100% lock.
Image

dunbarx
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6113
Joined: Wed May 06, 2009 2:28 pm
Location: New York, NY

Re: Preventing substack from being opened

Post by dunbarx » Thu Sep 12, 2019 4:59 pm

Anyone know if a separate password protected stack is more secure than a password protected subStack?

Craig

jacque
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 5080
Joined: Sat Apr 08, 2006 8:31 pm
Location: Minneapolis MN
Contact:

Re: Preventing substack from being opened

Post by jacque » Fri Sep 13, 2019 7:22 pm

dunbarx wrote:
Thu Sep 12, 2019 4:59 pm
Anyone know if a separate password protected stack is more secure than a password protected subStack?
I doubt there's a difference. The only unique thing about a substack is that it's inside the same file on disk. But it acts the same either way.

If a user has access to the IDE there's no good way to prevent the stack from being accessed, though they can't view the scripts. However, you could store the binary stack as a custom property and only extract it when you need to. I've done this.

1. During development, save the stack to disk. Then set a custom property to url ("binfile:" & <path to file>). The binary file is now a custom property.
2. When you want to work with the stack, write the custom property to an obscure location and open it from there. I use tempName() to get a unique file name. The temporary file location is fairly obscure and on OS X is not easily accessed by users. Since your scripts are encrypted, users won't even know they should look.
3. When you're done with the stack, save it (to the temp file) and then put the binary file back into the custom property, and delete the temp file.

If you only want to read the stack and not save any changes, you can just open it directly from the custom property without saving to disk first:

Code: Select all

  put the cProp of this stack into tSubStack
  go stack tSubStack
This is about as good as it gets. Anyone who has tools that can read the contents of memory will see it anyway, you can't prevent that.
Jacqueline Landman Gay | jacque at hyperactivesw dot com
HyperActive Software | http://www.hyperactivesw.com

richmond62
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 3442
Joined: Fri Feb 19, 2010 10:17 am
Location: Bulgaria

Re: Preventing substack from being opened

Post by richmond62 » Fri Sep 13, 2019 7:35 pm

no good way to prevent the stack from being accessed, though they can't view the scripts
So, store your sensitive information in a script of an object on the substack. :D

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6774
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Preventing substack from being opened

Post by FourthWorld » Fri Sep 13, 2019 10:54 pm

If you read the stack file and encrypt it before storing it in a custom prop, you can use password stored in an encrypted script in the mainstack for reasonable security.
Richard Gaskin
Community volunteer LiveCode Community Liaison

LiveCode development, training, and consulting services: Fourth World Systems: http://FourthWorld.com
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/

Post Reply

Return to “Getting Started with LiveCode - Complete Beginners”