Website security - can application hide website password from hackers?

[MatthewBragg]

My Delphi 6 application retrieves its own updates from my website. The IdFTP component that I am using for the FTP download needs to know my website's password in order to be able to open the site before downloading the file.

Anyone can use a debugger to find out what my site password is. They just have to step through the program execution until the program defines the password field in the IdFTP structure.

There must be a more secure way to download files programmatically without the user having to use a web browser. Does anyone know what it might be?

 

[Griffyn]

define the username and password on your FTP site to only allow access to a folder containing your program updates.

That way it doesn't matter if the username and password is found out.

 

[Ante0]

You could always store the update in a public folder, unless your update is used for a program you need to purchase first.
You could always download the file from your program and use Shellexecute to run the update.

 

[Stretchwickster]

I'm not up to speed with this by any means, but I'm sure there are secured ways of making FTP connections whereby encryption is utilised. Try researching:
- SFTP
- FTPS
- SSL
- SSH

Clive

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"To err is human, but to really foul things up you need a computer." (Paul Ehrlich)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To get the best answers from this forum see: faq102-5096