My application is written using Embarcadero Delphi 2010.
I have a form named INCLUDEFORM which I included in all other forms. This form contains a TSQLQuery and a TSQLConnection, which contains the database connection details (db host, db name, db user, and db pass) that are defined at design time.
Yesterday, I installed a software named Resource Hacker. I tried to open my application using this software, and when I was looking at the resources I saw all the forms in my application, including the INCLUDEFORM. I clicked on the INCLUDEFORM to see the source code, and I saw all the source code and the database connection details.
I tried to open other applications similar to mine using Resource Hacker, but I didn’t see any important details, only Icon, Icon group, and Version Info.
Please, is it possible to encrypt my source code from Resource Hacker, or at least the code in the INCLUDEFORM which contains the important database connection details?
Thank you
You can set the connection string at form creation time, in-code and obfuscate/encrypt the string that is being used, rather than leaving it in at design time. Generally, I don’t use a connection to the live database in my development, but a connection to a test database that is typically more access restricted than the production database e.g. behind a firewall, inside a NAT gateway.
Simple obfuscation mechanisms include performing an XOR of the string. More complex methods, like encryption, require the addition of libraries to perform the encryption/decryption.
If you’re just trying to protect the connection string, these methods are simple to accomplish. If you’re trying to accomplish full obfuscation/encryption of the form data, then using packers like UPX is the simplest mechanism, but is, again, trivial to work around.
Overall, anything you do will probably only delay the obtaining of the connection string for the database – this is due to the nature of software based protections – because you have everything that is needed to perform the connection, it is only a matter of time and effort before the information will be revealed.
If you truly want to protect the connection to the database, then you need to have a username/password combination for each user, and require this data to be input at execution time.
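The last suggestion above, sketched as an added example (not code from the original posts): the TSQLConnection keeps only its driver settings at design time, and the host, database and per-user credentials are filled in at run time, so the form resource embedded in the EXE holds no secrets. The unit name `ConnSetup` and the helper `OpenUserConnection` are hypothetical, and the parameter keys are assumed to be the standard dbExpress ones.

```delphi
unit ConnSetup;

interface

uses
  SysUtils, SqlExpr;

// Hypothetical helper: opens Conn with values supplied at run time,
// for example from a login form's edit boxes (password edit masked
// with PasswordChar) and an INI file for host and database name.
procedure OpenUserConnection(Conn: TSQLConnection;
  const Host, DbName, UserName, Password: string);

implementation

procedure OpenUserConnection(Conn: TSQLConnection;
  const Host, DbName, UserName, Password: string);
begin
  if (UserName = '') or (Password = '') then
    raise Exception.Create('User name and password are required.');

  Conn.Connected := False;
  // We pass the credentials ourselves, so no built-in login prompt.
  Conn.LoginPrompt := False;

  // In the Object Inspector these four entries are left blank, so the
  // .dfm resource that Resource Hacker displays contains only the
  // driver settings, not the host, user name or password.
  Conn.Params.Values['HostName']  := Host;
  Conn.Params.Values['Database']  := DbName;
  Conn.Params.Values['User_Name'] := UserName;
  Conn.Params.Values['Password']  := Password;

  try
    Conn.Open;
  except
    on E: Exception do
    begin
      // Do not keep a rejected password in memory longer than needed.
      Conn.Params.Values['Password'] := '';
      raise Exception.Create('Login failed: ' + E.Message);
    end;
  end;
end;

end.
```

Each database account used this way should carry only the privileges that user needs, since the server now enforces access rather than the client binary.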