in INI Files :: In most of my applications I'm using INI files to store configuration options.
INI files are text based documents with a simple structure. A user can open your INI files using Notepad or similar applications and see or manually change the content.
For one particular situation I wanted to somehow hide the content of the INI file. Yes, INI files are not to be used to store critical data, but in this case I only simply wanted to have a no-eye situation.
Read the full article to learn how to Hide The Content Of Your INI Files From Unwanted Eyes.
Related:
You should have used Windows CryptProtectData() to ensure a sound encryption.
I have used a similar method since 1988 using an XOR fn to scramble short strings which are saved to disk as part of a record. Like you say probably not that secure but quite effective especially when used with other tricks
type
Tscramble=array[1..30] of integer;
TSecretRecord = record
pwd:Tscramble
// etc other fields not all need to be scrambled
end;
var
Secret:TSecretRecord;
SecretFile: file of TSecretRecord;
function scramble(ClearText:string):Tscramble;
var i:integer;
begin
ClearText:=ClearText+#0;
for i:=1 to 30 do
result[i]:=ord(ClearText[i]) xor i;
end;
function unscramble(input:Tscramble):string;
var i:integer;
begin
result:=”;
for i:=1 to 30 do
begin
if ord(input[i]) xor i=0 then break;
result:=result+chr(ord(input[i]) xor i);
end;
end;
begin
assignfile(SecretFile,’passwords.md5′);
// not really md5 but puts the curious off
// save secrets to disk
secret.pwd:=scramble(‘Password123′);
write(SecretFile,Secret);
// read secrets back off disk
read(secretfile,secret);
showmessage(‘Password is ‘+unscramble(secret.pwd));
end.
Nuts!
INI files are meant to be accessible.
If a config file needs to be encrypted it should be called something else.
@Wm : yep, you are right of course, and I said something like this in the article. You can always save the file using a different extension associated with your application – but that is “out of scope” of this article.
and there was me thinking you were going to do something professional like extending the TIniFile class.
this is rookie/amateur code mr gajic. dissapointed.
@Jackson: rookie or not, the code works for me and is here posted for those that would like to use it. Have never said it is the only way to crypt INI files – only provided one simple solution.
Nowadays we have TFile.Encrypt(path:string) and TFile.Decrypt(path:string) in the IOUtils unit.
In turn they call Windows.EncryptFile and Windows.DecryptFile.
As WM sad before INI files are ment to be accesible ouside the application, so encryptic them seems useles for me.
As for storing application configration I rather use typed files. Why? Becouse in a typed file you can save complete record containing all your application settings. Infact this recod can have completly the same structure as the one you use inside your applications. So you don’t need to have seperate cals for reading or storing each property but one call for reading and storing them all.