Source language: Translate to:

RunNeobook command

Questions about using NeoBook's scripting language

Moderator: Neosoft Support

RunNeobook command

Postby dpayer » Tue Mar 06, 2012 9:53 am

If I were to pass credentials (in the form of variables) from one app to another using the RunNeobook command, I would want to be sure that the sender was the authorized sender and not a hacked version.

Is there a way for the launched app to know which Neobook app initiated the launch with the RunNeobook command?

I know it is possible to tell the launched app the name/location of the app doing the launch with a variable but I don't want someone else to be able to spoof the recipient program.

Could one of the variables transferred to the launched program be the name of the launching app? (I guess this is more of a feature request).

Example: [RecievedRunNeobookFrom] would be set with the path/file info as part of the command. If someone tried to set that with another value, the process would overwrite it with the true value.


David P.
User avatar
dpayer
 
Posts: 1382
Joined: Mon Apr 11, 2005 5:55 am
Location: Iowa - USA

Postby dec » Tue Mar 06, 2012 10:21 am

Hi David,

I think this recent thread might be of your interest. Also, if you want to communicate one NeoBook publication with another (sending messages and getting replies and viceversa), considerer my plugin npMsgs. The refered thread finally end on a new action on my plugin npUtil, which can tell you the parent of a publication, that is, allow you to get the path for the program who launch your publication. npMsgs, on the contrary, allow you to send messages to another NeoBook publication, which can also send replies.

Maybe with any of this possible ways you can get what you wanted. ;)
.
Enhance your NeoBook applications!
.
58 plugins, 1131 actions and 233 samples
.
NeoPlugins website: www.neoplugins.com
.
User avatar
dec
 
Posts: 1663
Joined: Wed Nov 16, 2005 12:48 am
Location: Spain

Postby dec » Tue Mar 06, 2012 10:26 am

Hi again,

Don't know if am I wrong, but, maybe with the "commandline" you can do it. Since you can pass certain information to the executed publication sending commandline arguments, maybe you can do something with that. Maybe you can, for example, send certain "key" who only you can know. So this difficult another program to do the same.

Certain string sended as an argument that can be decrypted by the target publication, testing if can be considerer valid or not. So what do you thing? :)
.
Enhance your NeoBook applications!
.
58 plugins, 1131 actions and 233 samples
.
NeoPlugins website: www.neoplugins.com
.
User avatar
dec
 
Posts: 1663
Joined: Wed Nov 16, 2005 12:48 am
Location: Spain

Postby dpayer » Tue Mar 06, 2012 10:54 am

dec wrote:Hi again,

Don't know if am I wrong, but, maybe with the "commandline" you can do it. Since you can pass certain information to the executed publication sending commandline arguments, maybe you can do something with that. Maybe you can, for example, send certain "key" who only you can know. So this difficult another program to do the same.

Certain string sended as an argument that can be decrypted by the target publication, testing if can be considerer valid or not. So what do you thing? :)


Sending information that only you 'should' know is called security by obfuscation (a big word meaning hiding or confusing). Problem is, if you based your security of your app on this point, then if someone found out this one point, they have access to send your app this info via a commandline variable they use which may allow them access to something you don't want them to have.

Example: secret back door to your program only the author should know --> type 'secret' at the xyz position and you can edit a file that contains the data of that customer.

Enemy #1 finds this out (everything gets posted to the internet, of course!) and then they see how they can change data on your system.

I will look into your Msgs plugin to see if this may be helpful.

Thanks for your input.

David P.
User avatar
dpayer
 
Posts: 1382
Joined: Mon Apr 11, 2005 5:55 am
Location: Iowa - USA

Postby dec » Tue Mar 06, 2012 11:00 am

Hi,

I think is not easy to the enemy to discover what you does on the commandline, since you can send encrypted information, for example, which can be only decrypted by your publication. Of course, if the enemy discover your password... anyway, if you think this cannot work, I have no more to say, because at the least you know better than me what you need. ;)
.
Enhance your NeoBook applications!
.
58 plugins, 1131 actions and 233 samples
.
NeoPlugins website: www.neoplugins.com
.
User avatar
dec
 
Posts: 1663
Joined: Wed Nov 16, 2005 12:48 am
Location: Spain

Re: RunNeobook command

Postby rcohen » Mon Dec 10, 2012 8:46 am

I know this is an old thread, but in the name of "The Archives" ...

here's another (modified) method I use for security that could perhaps help "lock you down"

Upon start up (of the mother ship) place an encrypted file named something like xxx.dll on the system someplace. If you were placing this by hand (or one time) you might try to place it into system folders, but with Win7 and forward security, location would have to be experimented with. But anyway, you place the "dongle file" in a hidden location as permitted. This file will also have to be deleted when the (mother ship) controlling software shuts down.

In the software you're protecting against spoof execution, simply check for the presence of this "dongle file" and if you really wanna be paranoid, then DEcrypt it's contents and compare JUST TO BE SURE.

I use variations of "digital dongles" for a few of my projects.

rcohen
User avatar
rcohen
 
Posts: 279
Joined: Sun Apr 03, 2005 7:29 pm
Location: The Smokey Mountains, Tn


Return to NeoBook Action Commands

Who is online

Users browsing this forum: No registered users and 3 guests