View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003296 | JEDI VCL | 00 JVCL Components | public | 2005-10-30 23:13 | 2006-04-04 07:00 |
| Reporter | beckmi | Assigned To | obones | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | won't fix | ||
| Platform | Windows | OS | Win 2000 SP3 | OS Version | Delphi 6.02 |
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0003296: Security problem with JvSerialMaker | ||||
| Description | On behalf of Max: -------------------- Hi, I change 4 lines in the .pas file of JvSerialMaker. Problem : If you enter Test1 and Test2 for username, the key is the same. For my software, is a big problem. So I correct this. The change is : function TJvSerialMaker.GiveSerial(ABase: Integer; AUserName: string): string; var A: Integer; begin if (ABase <> 0) and (AUserName <> '') then begin A := ABase * Length(AUserName) + Ord(AUserName[1]) * 666; Result := IntToStr(A) + '-'; A := ABase * Ord(Length(AUserName) div 2) * 123; Result := Result + IntToStr(A) + '-'; A := ABase + (Length(AUserName) * Ord(Length(AUserName))) * 6613; Result := Result + IntToStr(A); end else Result := RsError; end; With this new serialmaker, the username Test1 and Test2 are different. Good computing ;) Max | ||||
| Tags | No tags attached. | ||||
|
|
Well, the problem is that the serial number is NOT reliable at all. And changing the algorithm now means breaking the code of many exisiting users. After all, it's not only "test1" and "test2" that give the same result, it's the following regexp that gives the same result : t?{4} a t followed by any four characters... |
|
|
As I said earlier, this will not be changed. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2005-10-30 23:13 | beckmi | New Issue | |
| 2006-01-08 12:23 | obones | Note Added: 0008349 | |
| 2006-01-08 12:23 | obones | Status | new => feedback |
| 2006-04-04 07:00 | obones | Status | feedback => resolved |
| 2006-04-04 07:00 | obones | Resolution | open => won't fix |
| 2006-04-04 07:00 | obones | Assigned To | => obones |
| 2006-04-04 07:00 | obones | Note Added: 0008892 |
