LabVIEW
How to prevent outside access to my application's user authentication file?
Let say I have an applicationi that requires user-authentication along with the ability assign the user to different groups (user, supervisor, admin). Now lets say my application stores and checks the user credentials in c:\secrets.txt and I use MD5 as the hashing function such that I'm not storing the passwords in plain text. The question is, how does one prevent a user from attacking the c:\secrets.txt file through the OS? For example, what's to stop a user from editing the C:\secrets.txt file such that he alters the Adminstrator's MD5 hash to a hash value known to the attacker? Or, perhaps the attacker simply escillates his privledge field from 'user' to 'admin'. If the answer is to make the secrets.txt file read only by the OS, then how do I make it so the LV app can alter it? Does windows have the capability to assign per-executable permissions to files?
Essentially, I think I am looking for the Windows equivilent of Unix/Linux's 'chmod +s' if such a thing exists. Any ideas?
Thanks
Thank for your the links and the encrypting idea. I just got further information that the system upon which the `secrets.txt` file will be located may be under a LabVIEW Real-Time system. If that's the case, I don't believe the .NET approach will work will it? Perhaps the answer is just to XOR each line with a symmetic key that only I know. Or perhaps compress/zip the file with a password if such a thing exists on LabVIEW RT.
