PDA

View Full Version : Life Saver or First Aid



prabhafriend
07-13-2008, 04:26 AM
Hello Friends... This is Prabhakaran from Thanjavur (South India). First of all I want to confess to you all that I am not a traditional programmer or anything like that. Now I am 23 years old joined in an Administrative office before 3 years immediately after discontinuing my diploma studies. First of all I joined there only as a Data-Entry Operator. Within a month of joining there I came to know that the office were I working was an administrative office for some 6 Television Relay Centres. The main work of our office was to maintain accounts like Salary, Leave, Pension, Tax Deduction, etc., for the employees working under all of its Television Relay Centre. There are clerks who do all these calculation manually and write in a paper and then gives to me to get it printed. My work was to type all these data in word file and printing it. The Data-Entry operator worked before me were also did like these. But after a while, one of my friends came to my office to visit me, he is a computer geek, when he saw some my work he suggested me to use auto-text options for entering recurring texts like officer?s signature like that. I did as my friend?s suggestion. I felt this reduces lot of time. So I slowly began to explore all of the options found in the MS-word. Later, I learned about formatting copier, Styles and Formatting, Bullets and Numbering, Index and tables. All these finally saved my time very effectively. Then I wanted to save much more time, so I began to mimic all of the calculations using msexcel they did on the data they gave me. Step-by-Step I learned Msexcel too. I began to use goal-seek, pivot-tables, functions like that. This saved not only time for me but also able to found out some errors that they done on the data. Initially I didn?t corrected the errors that they did on the data just type what gave to me and return them even though I found out their errors. After some deep analysis I found that all of the works that I did were based only on the employees working under its Television Relay Centre. So I learned MsAccess and created database for all of the employees working under its control and began to do all of the calculations using access. Slowly I created tables, queries, forms and reports. After a while, I came to know that there is an option for every data work in msoffice and also able to maintain a whole office by a single person with the help of msoffice. But some times I figured out that still I am doing some manual works like copy a data from an excel or access table and then pasting in a word document. I strongly believed that there will be an option for it too. But I didn?t know at that time. I searched internet about this and came to know about the ?Visual Basic for Applications? an understood the process I wanted to accomplish is called ?automation? and without programming automation will never be done. I slowly learned Visual basic for applications and completely automated all of my works. Still I did not tell about their errors. But once a senior office found an error and enquired the manual clerks about that. They just told him that I did that mistake and they corrected the papers and showed him. The senior officer warned me to do my work even carefully. So I decided to tell him all of my works and their mistakes. The officer was fully impressed on all of my works and scolded the manual clerk for lying and afterwards gave all works directly to me even accounting works too. This made the manual clerks jealous about me. Because I did all of the works they do for a whole week in a matter of seconds. So they began to plot me. When the senior officer has been transferred a new office came to my office who is a close of one of the manual clerks. He just did what they said and finally fired me. So I decided to never work under any person like them but to do myself. So I decided to do some local solutions (software) for the medical shops and the near by department stores. I just got my first order last week. At this time I want to explain the current scenario of my city and its software developers (my competitors) and its clients.
The town I reside (Thanjavur) is not a major city but an urban-town which is going to be a city in a year or two. In our city the market place for the software developers were the medical shops, hotels, hospitals and the department stores. Here there are about 10-20 software developers who were doing projects for the above places. Initial pioneer software developers for our city developed solutions using FoxPro. Later they developed using VB. Now all of them were migrating to .Net technologies. But here the clients were not much techie. They just wants to accomplish the task and don?t want to know about the platform in which the software developed. Since, the client?s requirements were very basic like purchase, stock maintenance, sales, etc., I hope that the solutions can even be achieved using VBA. But I definitely know that all things achieved using VB and .Net was never being achieved only using VBA. But for the clients requirements concerned I hope VBA is enough. So I want to tell you what all options the software developers here providing the clients and want to clarify whether it will be possible by using VBA only.
The most common option our local software developers provide their clients:

Dot-Matrix printing support with moderate speed printing capability.
Backups.
Barcode printing for labelling the products with manufacture and expiry details.
Native language support.
Periodical updates without interrupting the current data.
High security.Now I want to tell why all these things were seems to bothering me.
1. Dot-Matrix printing support:
First of all, in my previous office there were only laser printers. I only dealt with laser printers only. Before a week one of my friends told me that dot matrix printers were only compactable for the dos-based applications and he also told in a windows environment it will be very slow. Is it true? Since, all the options above listed were mandatory to do software solutions in our city. I surely want to achieve the same speed that other developers were delivering using the same printer. I also want to tell here that the clients were also not ready to investing in high priced printers. They only need a software developer who develops with very low cost materials.
2. Backups:
Before going to backup I again want to tell something about my town and their clients. My town is prone to often power failures. But not all the clients were ready to invest in UPS devices. Even if they invest in UPS they don?t properly maintain it. I came know that the solutions that have been developed using FoxPro were withstand power failures and data never be corrupted. But I also that solutions developed using VB were some what prone to power failures. Since solutions developed using VB were depended upon so many files. I hope I will be easily recoverable. But in VBA we only have a single for all purpose. What happens when a single corrupt? Everything will be lost. How to overcome this hurdle? Since the clients were not very well educated and tech related they just think the developer is the responsible one. I hope there definitely will be a way to avoid this scenario.
3. Barcode printing:
I hope we can achieve this using a third party software which supports COM (Component Object Model) But I am not sure.
4. Native language support:
The Native language here is tamil. There is also an Unicode font for that. But I don?t know whether it supports also functions like sorting, filtering etc.,
5. Periodical updates:
In my view, there is also a complication to enable this option using VBA. Here the VB developers modify the .exe in their workstation and then just paste in the clients computer. Nothing more than this required. Since all of my works are in .mdb file. How can I deploy an update in this method i.e. the clients has to do their day-by-day work as they did before updating process. I just have to paste a single file. And the update has to take effect without modifying any data.
6. High security:
It is the most important option for me. Because it not secures the data for the clients. But without security other developers can break into my structure and code, modify them and then distribute it their clients. I clearly want my file to run on a specified only not on any other system. I heard about certificate protection but not tested it. Is it possible to run a program on a single system only? I also wants if anyone see my files, I want my software to not to find in which base it was developed. Is it possible to fully secure our project upto this level. But this is highly mandatory.
Shortly I want to know that VBA is a Lifesaver or just a First-Aid.

Oorang
07-18-2008, 12:21 PM
Hi,
Welcome to the board :) You asked about high security in the context of reverse engineering. It's my opinion that none of the Microsoft Solutions .Net or otherwise will fall into this category. Why? Well VBA compiles down to PCode not Machine code and as a result can be "decompiled". However VB.Net, C#, and others now compile down to CIL. Which can also be decompiled. Your best bet security-wise would be something that compiles to binary. But decompilers are out there for that too.
The real task is to escalate the skill/time (cost) of the attack beyond the potential payoff (reward) of the task. This means using obfuscation methods, keeping the files secure, and the never ending battle to prevent piracy. You can end up dumping all of your time/effort into preventing a crime that may never occur.
The first thing you need to do is ask yourself, what secnario are you trying to prevent? If you fail to prevent the scenario, how much is it likely to cost you? How much money are you willing to budget to prevent the scenario? Then select your tools/plan based on that. You can't prevent everything so you focus of preventing the most likely attacks.
For instance, the real value in most Access Databases is not the database solution (teh awsum though it may be), it is in the data itself. Well how do data leaks occur? A surprising amount happen just by employees plugging a usb stick into the PC and walking out with it. So step one is not your awesome anti-decompilation trick. Step one is disabling usb drives at the BIOS level, putting passwords on the bios and using case/lock tamper detection on the PC case itself. Can they still transfer files over the internet? By plugging into the lan jack? So on.

And on. You get my drift. Is Access Secure? A resounding NO!. But it will be fine if you secure the environment. If you want security past securing the environment, then you may want to choose a different tool. Most of the real reasons to stay away from access solutions have to do more with scalability.

prabhafriend
07-18-2008, 09:57 PM
First of all I wanna thank you friend for your reply. I follow your suggestions concerning about the security issues. Can somesome say something about the other requirements too. Thank you very much once again.