1

Im building an application that should consist of a single .exe file which in turn will be distributed by others. In this .exe file there is two hardcoded fields, username and password. The people who are going to distribute this do want the ability to update those fields and change the information.

I have absolutetly no clue how to do this. If there was a dll or config sure, just read them but then the information would be in plain text but there is no such files with the project. The only ones updating the .exe should be the people distributing the application so they are going to have to update and reupload the .exe i suppose but how?

Do I write a new application that somehow decompiles, updates the fields and recompiles it? Or is there a "usual" way of doing this that im not aware of? Or is the only way to go into source code, change the fields and compile a new .exe and replacing the old one?

edit Bad wording from me, its emailaddress and password for using in an smtp client, its hardcoded because the user dont choose which account to send the mail from.

Gvs
  • 267
  • 1
  • 6
  • 16
  • Is this not a ***false sense of security*** since the program can simply be decompiled? Is it a true statement that you want the distributors to be able to set the `username` and `password` but you want to ensure that the user's can't view or change them? – Mike Perrenoud May 14 '13 at 14:10
  • Make a hash-function instead, so they can choose any username, but have to know function to generate proper password. – Sinatr May 14 '13 at 14:10
  • Read what you have just written in the first paragraph, `2 hard coded fields that the users can change` ok sounds like an oxymorified statement.. why not create a process that when the application launches for the first time you hash the particular field in regards to the password. you should never `HARDCODE PASSWORDS`... – MethodMan May 14 '13 at 14:16
  • sorry should have explained, the username and password are infact emailaddress and password for sending mail via smtp client :p, bad wording on my part. The reason its not publicly available is because endusers dont need to see the mailaddress and password being used to send the mail, they only fill in their own mailaddress. – Gvs May 14 '13 at 14:34

1 Answers1

1

Rather than hardcoding the information into the executable, it might make sense to still have an app.config file, but encrypt it, then provide a utility that would write the encrypted app.config with the specified information.

Community
  • 1
  • 1
neminem
  • 2,658
  • 5
  • 27
  • 36
  • its looking like the best option at the moment yes. – Gvs May 14 '13 at 14:59
  • Been reading about this and one problem I see is that since I dont have an install file the keys wont be encrypted until you run the application once? Guess thats not a problem since I can run it then distribute it I guess but is there another way im not seeing? Im talking about encrypting the app.Configs appSetting which is done through code in the app (during form load i guess) or through a console app? – Gvs May 15 '13 at 14:45
  • Ended up going with this, just made a console app that encrypts, decrypts and updates info in the app.config file that the distributors are gonna use. Thanks – Gvs May 16 '13 at 12:00
  • Cool, glad it worked! (I haven't actually used an encrypted app.config yet - I just knew about it cause I'd looked into it for a project, which we will need to probably implement at some point, just haven't yet.) – neminem May 16 '13 at 14:32
  • Was relatively painless to implement aswell :) – Gvs May 20 '13 at 13:55