CAD CAM EDM DRO - Yahoo Group Archive

Re: [CAD_CAM_EDM_DRO] Languages

Posted by Larry Edington
on 2001-08-20 11:40:18 UTC
> If you're not familiar with Delphi, it's an object Pascal based language
> with a Visual Basic style interface. In my opinion, the components it
offers
> are more complete than those offered with VB, and the price is certainly
> more attractive.

While I've never been a fan of Pascal, I do like Borland C++ builder and
Delphi. It is
in my opinion a much better development system than Visual Basic.

However, there is a SERIOUS problem with Delphi and C++ Builder everyone
needs to be aware of.

While it is a true compiler where Visual Basic is not a true compiler,
Delphi / C++ Builder
leaves a LOT of tokens in the executable that can easily be used by a hacker
to understand
the internals of your program.

So let's say you wrote a program that you wanted to release as shareware
that had a password
or serial number function to unlock it to the full version. It is EXTREMELY
easy to open your executable,
find all of the proceedures, drop directly into the Assembly code for that
password function and hack it.

This fatal limitation is the reason I caution anyone developing commercial
programs to NOT use
one of these compilers to develop it. Unless you don't mind having your
pants down in public.

If you have any secrets in your design, they won't be secrets anymore. If
you insist on using one of
these compilers, at least name your functions ( procedures in Pascal lingo )
with some totally unrelated name
to keep the hackers confused. Don't call check_password, call
setup_variables or some other unrelated
name and don't do your verification check in that code! Do the verification
check in some other
unrelated function.

To further investigate this on your own. Search the net for a program called
Dede.

My advise for a commercial release is to bite the bullet and use MS VC++. I
don't like it but it's more secure
than the competition. I just wish Microsoft would build the ease of use into
VC++ that Delphi has.

All this isn't an issue for most hobbiest programmers. It is a serious issue
for programmers that make money from
their work.

later,
Larry E.

Discussion Thread

Carol & Jerry Jankura 2001-08-20 09:03:51 UTC Languages Bryan-TheBS-Smith 2001-08-20 09:32:04 UTC Re: [CAD_CAM_EDM_DRO] Languages Larry Edington 2001-08-20 11:40:18 UTC Re: [CAD_CAM_EDM_DRO] Languages Bryan-TheBS-Smith 2001-08-20 12:38:30 UTC Re: [CAD_CAM_EDM_DRO] Languages Larry Edington 2001-08-20 13:15:12 UTC Re: [CAD_CAM_EDM_DRO] Languages Bryan-TheBS-Smith 2001-08-20 13:30:49 UTC Re: [CAD_CAM_EDM_DRO] Languages Kevin P. Martin 2001-08-20 13:38:39 UTC RE: [CAD_CAM_EDM_DRO] Languages and reverse-engineerability Tim 2001-08-20 13:43:59 UTC RE: [CAD_CAM_EDM_DRO] Languages Bryan-TheBS-Smith 2001-08-20 13:54:32 UTC Re: [CAD_CAM_EDM_DRO] Languages