Prevent a stack from opening
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller
Re: Prevent a stack from opening
Thank you all once again.
Re: Prevent a stack from opening
I also made my own password manager many years ago and I still use it. In my case, the mainstack does nothing but put up an answer dialog that asks for a password. If correctly entered, it hides itself and opens a stack with all the data. The actual data stack is encrypted and the binary is stored as a custom property of the mainstack. To open it, I had to write it to a temp file briefly, read and decrypt it, and open it. The moment it opens, the temp file is deleted, so it is only on disk for a few milliseconds. The default temp file is located in an obscure place in the file system, and difficult to find if you don't know where it is. And it isn't there very long.
When closing the data stack, the mainstack writes it to disk temporarily, saves it, encrypts it again, and stores it back to the custom property. The mainstack then deletes the temp and quits. Keeping the data stack as a property doesn't allow anyone else to open it except via the mainstack.
Eventually I found that I wanted to access passwords on more than just my computer, so I had the data stack write out relevant data (from marked cards only, I don't need everything) to an encrypted text file which I upload to my server in a private location. Then I wrote an Android "reader" stack that was disguised as something trivial with a nondescript name. To access the server file, a number of gestures and taps need to be performed in a certain order before the password dialog appears. If you can get through all that, the server file is downloaded, decrypted and kept in a variable, and the visible controls that are part of the disguise are hidden. A search box and editable field appear where I can search the variable for the info I want and copy whatever I need. And one last thing: certain characters in the passwords have been replaced by other characters which only I know about. So even if someone gets through all the above, the passwords they see are not the real ones.
I had fun doing all that. When I want to edit the data, I have to do it on the Mac and re-export the encrypted data file. I have a script that does all that and auto-uploads to my server so it's all done in one click.
When closing the data stack, the mainstack writes it to disk temporarily, saves it, encrypts it again, and stores it back to the custom property. The mainstack then deletes the temp and quits. Keeping the data stack as a property doesn't allow anyone else to open it except via the mainstack.
Eventually I found that I wanted to access passwords on more than just my computer, so I had the data stack write out relevant data (from marked cards only, I don't need everything) to an encrypted text file which I upload to my server in a private location. Then I wrote an Android "reader" stack that was disguised as something trivial with a nondescript name. To access the server file, a number of gestures and taps need to be performed in a certain order before the password dialog appears. If you can get through all that, the server file is downloaded, decrypted and kept in a variable, and the visible controls that are part of the disguise are hidden. A search box and editable field appear where I can search the variable for the info I want and copy whatever I need. And one last thing: certain characters in the passwords have been replaced by other characters which only I know about. So even if someone gets through all the above, the passwords they see are not the real ones.
I had fun doing all that. When I want to edit the data, I have to do it on the Mac and re-export the encrypted data file. I have a script that does all that and auto-uploads to my server so it's all done in one click.
Jacqueline Landman Gay | jacque at hyperactivesw dot com
HyperActive Software | http://www.hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com