Well, a lot of that article is correct, even though I don't want it to be.  VFP 
as a *language* is as secure as the programmer programmed it to be.  VFP as a 
*database* isn't secure itself.  You can encrypt fields.  You can encrypt the 
directory that the data is stored in.  But DBF data isn't secure.  You wouldn't 
store social security numbers or credit card numbers in Excel spreadsheets, 
right?

I haven't recommended DBFs for storage for over a decade now.  There are 
better storage mechanisms such as Postgres, MariaDB, and even SQLite which can 
be set up as an encrypted database.  VFP as a language is still valid, although 
it will never be able to create 64-bit applications but that is a different 
subject.  [Insert Xojo plug here as a viable language for VFP developers.]  I 
had a potential client where they based their primary keys on employee 
Social Security Numbers.  They didn't like it when I told them that they'd need 
a complete rewrite. Notice this would have been the case no matter what 
language/technology they were using.  It was just piss poor design.

It appears from the article that when the vendor was notified of the 
situation, they were able to quickly address it, although the article 
didn't say what that solution was.  Probably encrypted the field?  Hash the 
field with an external secured table containing the sensitive data? Who knows. 
To me, that's a win.  Hopefully the vendor contacts all customers notifying 
them that there is a vulnerability and that there is a solution available.

As Ted Roche always says "Security is a process".

-Kevin
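
The redesign discussed in the message above (stop keying tables on the SSN, keep only a keyed hash for lookups, hold the number itself in a separate secured table), as an added example that is not from the thread and not the vendor's fix. The table names, the demo key and the `vault` mapping are assumptions, and SQLite driven from Python stands in for the storage layer.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key. Assumption: the real key is kept outside the database
# (secret store or HSM); "vault" below stands in for the external secured table.
INDEX_KEY = bytes(range(32))

def ssn_token(ssn, key=INDEX_KEY):
    """HMAC-SHA256 of the SSN digits; an unkeyed hash of 10**9 values is enumerable."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly nine digits")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()

def build_legacy_db():
    """Constructed sample data in the flawed layout: the SSN is the key."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employee_old (ssn TEXT PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE timesheet_old (emp_ssn TEXT NOT NULL, hours REAL NOT NULL);
        INSERT INTO employee_old VALUES ('000-00-0001', 'A. Example'), ('000-00-0002', 'B. Example');
        INSERT INTO timesheet_old VALUES ('000-00-0001', 7.5), ('000-00-0002', 8.0), ('000-00-0001', 6.0);
    """)
    return conn

def migrate(conn):
    """Re-key on a surrogate emp_id; return token -> SSN rows for the vault."""
    conn.executescript("""
        CREATE TABLE employee (emp_id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                               ssn_token TEXT NOT NULL UNIQUE);
        CREATE TABLE timesheet (emp_id INTEGER NOT NULL REFERENCES employee(emp_id),
                                hours REAL NOT NULL);
    """)
    vault = {}
    for ssn, name in conn.execute("SELECT ssn, name FROM employee_old").fetchall():
        token = ssn_token(ssn)
        cur = conn.execute("INSERT INTO employee (name, ssn_token) VALUES (?, ?)", (name, token))
        conn.execute("INSERT INTO timesheet SELECT ?, hours FROM timesheet_old "
                     "WHERE emp_ssn = ?", (cur.lastrowid, ssn))
        vault[token] = ssn
    conn.executescript("DROP TABLE timesheet_old; DROP TABLE employee_old;")
    return vault

def hours_for(conn, ssn):
    """Look up by SSN: the query carries only the token, never the number."""
    row = conn.execute("SELECT SUM(t.hours) FROM employee e JOIN timesheet t "
                       "USING (emp_id) WHERE e.ssn_token = ?", (ssn_token(ssn),)).fetchone()
    return row[0]
```

After `migrate`, the application database holds surrogate keys and tokens only; the returned mapping is what would be loaded into the separately secured store.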

-----Original Message-----
From: ProFox [mailto:profox-boun...@leafe.com] On Behalf Of Dave Crozier
Sent: Friday, February 22, 2019 6:07 AM
To: 'ProFox Email List' <profox@leafe.com>
Subject: VFP: false news....

Ignorance and stupidity still run in the so-called “expert consultant” 
fraternity.

“An outdated software that is used by about 200 Vermont municipalities and the 
Vermont Tax Department has long contained flaws that exposed sensitive 
information including Social Security numbers, according to an IT consultant 
and the software company’s founder.”
“You could make a strong case that Visual FoxPro shouldn’t be used on a 
government level,” Johnson said.

https://vtdigger.org/2019/02/05/consultant-outdated-software-left-worker-information-exposed-200-towns/

Thankfully the software owners realise that it isn’t a fault in VFP, it is a 
fault in the designing of the infrastructure.

Expert:
Ex - Out of date
Spurt – a drip under pressure!!

Dave Crozier
Software Development Manager
Flexipol Packaging Ltd.







_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/cwlp265mb0852bbc5d439dbb2e4e97026fb...@cwlp265mb0852.gbrp265.prod.outlook.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.