Short Cut to Featured Code
- Windows Script Host Solution: Configurable VBScripts that Deletes and/or Archives Files Updated on 7-20-2010
- How to Decrypt RC4 Encrypted Parameters passed into Actuate Reports Updated on 4-15-2011
Are the solutions and code free
For non-business entities Yes! I only ask that you donate what the value of the code is to you! If you are a company and would like to license the scripts with or without support then please email me at JMMTechnologies@gmail.com.
How to Decrypt RC4 Encrypted Parameters passed into Actuate Reports
Problem: So, you manage a site that has been sending sensitive information like DB Login and Password via HTTP Post or Get! Well this is exactly what I ran into with a web application that was sending Database login and password information to Actuate Reports via HTTP Get!
Here is a visual example of the problem I encountered: www.some-site.com\runreport.asp?dbname=Marketing&dblogin=admin&dbpassword=admin123
Yes, stuff like this still happens. But how does one fix this with out having to radically change the design of both website and Actuate reports that have come to rely on this design? Well, the solution I came up with was to encrypt the values using what is widely believed to RSA RC4 encryption algorithm and it didnt break the bank!
Solution Requirements:
- Encrypt and Decrypt any parameters using an encryption and decryption algorithm that would passed muster if challenged by internal security audits. So were looking for something that would be accepted as "strong".
- Create versions of the encryption and decryption algorithms for both ASP pages and Actuate Reports using the Actuate Basic language.
- Encryption and Decryption Keys should be stored in a secure place and never transmitted between system.
Solution Design
- Lets reuse a VBScript Function that Mike Shaffer wrote back in 2000. It is some ASP code that solves the ASP problem of encrypting the values that will be sent to our Actuate Reports. His source code can be found @ http://www.4guysfromrolla.com/webtech/010100-1.shtml
- Create an Actuate function that follows Mikes RC4 implementation.
Code for some of the Actuate functions that needed to be written for this implementation. NOTE: ALL working source code can be downloaded via the link on the right of the page in the source file named RC4.BAS
Function Bin2Dec(ByVal Num As String) As Integer
Function Dec2Bin(ByVal n As Integer) As String
Function XorBin(ByVal Num1 As String, ByVal Num2 As String) As String
'************************************************************** '*Because Actuate does not have a BITWIZE Xor (Function) one had '*to be written here --JMM-- I though a bit about calling out to a '*windows API (or writing this in my own DLL,but felt that hurt the '*maintainability /portability of the reports going forward Function XorBin(ByVal Num1 As String, ByVal Num2 As String) As String Dim Num1Array(15) 'hold a 16 bit num Dim Num2Array(15) 'hold a 16 bit num Dim counter as Integer Dim resultString as String resultString = "" Call Put16BitBinInArray(Num1, Num1Array) Call Put16BitBinInArray(Num2, Num2Array) For counter = 0 To 15 'XOR Truth Table translation BIT by BIT can NOW be Done!!!!! If Num1Array(counter) = 0 And Num2Array(counter) = 0 Then resultString = resultString & "0" If Num1Array(counter) = 1 And Num2Array(counter) = 0 Then resultString = resultString & "1" If Num1Array(counter) = 0 And Num2Array(counter) = 1 Then resultString = resultString & "1" If Num1Array(counter) = 1 And Num2Array(counter) = 1 Then resultString = resultString & "0" Next XorBin = resultString End Function '************************************************************** '* Converts Dec to String Representation of Binary value '************************************************************** Function Dec2Bin(ByVal n As Integer) As String 'user created function - called from cmdcalculate_click() 'declare Variables - Bin holds the Binary number, BinDig Holds the next (higher bit) Dim Bin As String Dim BinDig As String 'test for Loop Do While n >= 1 'get next bit (remainder) BinDig = Trim(Str(n Mod 2)) 'string next Bit with previous Bin Number Bin = BinDig + Bin 'integer division (by 2 for Binary) to get result n = n \ 2 'loop until done Loop 'return binary number to calling sub Procedure Dec2Bin = CStr(Bin) End Function '************************************************************** '************************************************************** '* Converts String Binary to Decimal value '************************************************************** Function Bin2Dec(ByVal Num As String) As Integer Dim n As Integer Dim a As Integer Dim x As String n = Len(Num) - 1 a = n Do While n > -1 x = Mid(Num, ((a + 1) - n), 1) Bin2Dec = IIf((x = "1"), Bin2Dec + (2 ^ (n)), Bin2Dec) n = n - 1 Loop End Function '**************************************************************