1 Topic by joshuA (edited by joshuA 2022-09-23 20:03:53)

  • Registered: 2019-12-24
  • Posts: 169

Topic: [SOLVED] Role Access Decryption

Hi folks,


I am working on a feature for one of my projects.  So, I created a sub-project to explore the behavior that I had in mind.
I came across one of derek's projects that almost covers it.  Except, I also wanted to use roles with it.


Example-02
This is what I came up with initially.  (Which is one way it could be done if lower level users are to access all the tabs)


Example-03
If I rely on using role-access to hide the tabSheet containing the encrypted fields, I could simply eliminate all of the en/decryption logic.


users:passwords
admin:a
user:u


I would appreciate any thoughts.

-joshuA

Post's attachments

Attachment icon role-access-01.zip 662.2 kb, 130 downloads since 2022-09-22 

"Energy and persistence conquer all things."
  • k245
  • k245
  • Member
  • Offline
  • From: Deep
  • Registered: 2017-10-12
  • Posts: 1,532

Re: [SOLVED] Role Access Decryption

So what is the actual question? Option 03 is working. If you are confused by the fact that each time an encode-decode is performed, add a check like this:

procedure Form2_OnShow (Sender: TObject; Action: string);
begin
  Form2.PageControl1.TabIndex := 0;   //** always show first tab
  if Form2.TabSheet2.TabVisible then
    Form2.tbDetail.Text := DecryptRC5(form2.tbDetail.text,form2.lblKey.caption);   //** decrypt
end;

procedure Form2_bSave_OnClick (Sender: TObject; var Cancel: boolean);
begin
  if Form2.TabSheet2.TabVisible then
    Form2.tbDetail.Text := EncryptRC5(form2.tbDetail.text,form2.lblKey.caption);   //**  encrypt
end;
Визуальное программирование: блог и телеграм-канал.

k245's Website

  • Registered: 2019-12-24
  • Posts: 169

Re: [SOLVED] Role Access Decryption

k245,

Thank you for your response.

I didn't really have a specific question.  I was kindly just asking for any feedback about my approach- which you provided.  Thanks for the example, I hadn't thought about doing it that way.

However, I guess I was touching on the concern about encoding-decoding unnecessarily, which your example handles that nicely too.

-joshuA

"Energy and persistence conquer all things."
  • derek
  • derek
  • Moderator
  • Offline
  • Registered: 2015-02-16
  • Posts: 2,674

Re: [SOLVED] Role Access Decryption

Hi Joshua,
I wonder if you're confusing two issues here (apologies if you're not!).
The point of encryption is not primarily to stop users from being able to see / access sensitive information WITHIN MVD (although it can be used that way), but to stop anyone from being able to examine the data OUTSIDE of MVD (for example, by using something like SQLStudio).
If your concern is the former (ie WITHIN MVD), then there are several ways to achieve this (including the role-based approach you mention).
Derek.

  • Registered: 2019-12-24
  • Posts: 169

Re: [SOLVED] Role Access Decryption

Hi Derek,

No, I do understand the difference between the two points you mention.  But thank you for asking anyway.  And I do require both as you describe them.

My concern is more centered on what is happening to the data inside of MVD.  And I guess, my lack of experience is part of the cause here.  Example 2 kinda hints at this, because I checked for specific role(s) in the logic- even though the tab is hidden using the same condition (just to be certain).

But I am starting to feel at ease with my approach now since you say there are several ways it can be done.  So, thank you for that.


On another note, while you're in here... I was curious as to why you used a form label, in your earlier project, instead of the key being hard coded?

I've also been considering ways to make the key something that can be maintained by the user(s) as well.  I have a few ideas about it, but I haven't gotten that far yet.

-joshuA

"Energy and persistence conquer all things."
  • derek
  • derek
  • Moderator
  • Offline
  • Registered: 2015-02-16
  • Posts: 2,674

Re: [SOLVED] Role Access Decryption

Hi Joshua,
I can't remember what I did yesterday let alone whenever it was I did that - LOL!
I suspect I was just playing around with alternatives to hard-coding an encryption key into the script which seems a little too explicit (even though the .vdb and the .pas files would be deleted in anything that was being used 'for real').  Maybe I was just trying to bury it a couple of levels down.
Derek.

  • Registered: 2019-12-24
  • Posts: 169

Re: [SOLVED] Role Access Decryption

Derek,
Yeah- I can relate to that, but I still had to ask out of curiosity.
I appreciate the responses.
-joshuA

"Energy and persistence conquer all things."