Is a BD string constant safe to use as an unchangable internal password?

comrade · ‎10-28-2013

Hello everyone,

for the reason of restricting access to certain ini-files of my program I intend to use the password protection of ZIP files coming with the openG library toolkit and thus save those critical files within a protected ZIP archive. Of course, some time when running the initialization of the programm I will have to give the UnZip function the required password to read those files' contents. Now my question is whether the use of a mere string constant on the block diagram would be sufficiently safe to use here.

I tried to find a string constant text within the saved test VI file using Notepad++ but wasn't able to. So far so good. Is there any other straight forward way to get any string constant value from the VI file without utilizing LabVIEW and opening the BD (which of course would be PW protected as well)? The needed security level is really not that high, I just want to rule out any obvious loophole I might not be aware of here.

Of course - while the ZIP archive remains open during read access when initializing, anyone could read the files from the hard disk. But this would take a certain amount of "criminal intent" I don't really want to secure the application against.

Thanks for the thoughts anyone might share.

Hooovahh · ‎10-28-2013

It depends on your needs. It sounds like you don't need to be impossible to crack you just want some level of security. For that the zip method is probably fine, but keep in mind that the unzip function is as you said, a flaw in it self because the files will be uncompressed at some point.

Another solution is to write your files as binary. Then only if you know the structure of your data will you be able to understand it. This becomes a bit of a pain as you need to update your data type but a type def helps out with that.

EDIT: to also answer your question, I have never been able to find something like a string constant on a block diagram, my analyzing a VI on disk.

Unofficial Forum Rules and Guidelines
Get going with G! - LabVIEW Wiki.

17 Part Blog on Automotive CAN bus. - Hooovahh - LabVIEW Overlord

comrade · ‎10-28-2013

Thanks for the quick answer, Hooovah.

What I actually wanted to know was whether the string constant on the BD could be read from the VI file without using LabVIEW or any kind of VI viewer (if there are any others).

I have something in mind that when saving, let's say, CTL-contents to a binary file the string texts contained in the CTL will be plainly readable. Could be I confuse it with something else but I feel like I tried that before.

..testing...

...back: Yepp, like I remembered the text constant will be plain readable, see attached image

Sure - If I remain the only one who knows where to look for the PW in this binary file there certainly is a small chance anyone would deduct that this might just be an access password he's reading there.

Hooovahh · ‎10-28-2013

I guess you are right. One thing I think that will break is if you try to edit that string and have it be a different length. So I don't think the user could really edit the changes much, but still you are probably right to not use that method if you have strings that you don't want the user to be able to see.

Unofficial Forum Rules and Guidelines
Get going with G! - LabVIEW Wiki.

17 Part Blog on Automotive CAN bus. - Hooovahh - LabVIEW Overlord

comrade · ‎10-28-2013

Thanks for your opinion and your statement concerning my question. Solution accepted and kudo given.

LabVIEW

Is a BD string constant safe to use as an unchangable internal password?

Is a BD string constant safe to use as an unchangable internal password?

Re: Is a BD string constant safe to use as an unchangable internal password?

Re: Is a BD string constant safe to use as an unchangable internal password?

Re: Is a BD string constant safe to use as an unchangable internal password?

Re: Is a BD string constant safe to use as an unchangable internal password?