i've created program that use FTP to upload some files. Now the problem is that someone can use simple decompiler to see source code (my ftp account details) , what is the best way to encript my program. Is it only possible to encrypt details of my login, or to prevent someone from decompiling my program ? Also I've though about getting data from external source with HTTP request. Would that work ?
Asked
Active
Viewed 473 times
-1
-
You can obfuscate things to make it difficult, but basically: there's no truly safe way to store secrets in code. See also: [Where to store hashes, salts, keys in Desktop Applications](http://stackoverflow.com/questions/28251867/where-to-store-hashes-salts-keys-in-desktop-applications). – Calrion Feb 17 '16 at 08:17
-
2Do not store sensitive account credentials in the app's source code. Store it encrypted outside the program, then load and decrypt it only when needed. And make sure you use FTPS to protect the credentials when transmitting them to the FTP server. Anyone with a network sniffer can obtain unprotected credentials. – Remy Lebeau Feb 17 '16 at 08:33
-
1A hash is not encryption, it's a fingerprint. Nothing can recover the original information from a hash - it's a one-way street that can only be brute-forced against incalculable odds. – J... Feb 17 '16 at 11:57
1 Answers
3
The simple answer is that there is NO WAY to prevent someone decompiling your code.
You can hide embedded passwords using some simple tricks like XOR-ing them with a "key". Or complicated tricks ...
However, if the program is self-contained, then it must be able to recover the hidden password for itself when it runs. And if it can do that, then a hacker can figure out how it does that and do the same calculations hirself.
Stephen C
- 698,415
- 94
- 811
- 1,216