Re: Reading WndProc Messages

John Wright

I guess I was not clear in what I needed to do. The control I was given was
claimed to be hack proof and to keep the credentials of the user safe and
unexcessible to a developer. I wanted to prove my point it was not secure
at all. I created a class to extend the control and was able to intercept
the WndProc messages and I wanted to send them out to a file on the network
for logging to prove a point. However, I found a better way to do this. I
just turned the KeyPreview on and was able to capture the keys strokes sent
to the control. Voila, I was able to capture who logged on. Now I can see
who has tried to access the dataware house and when. This is an auditing
procedure we must follow in our industry due to the data being stored.
Since I was forced to use this control, I "hacked" it to see who was trying
to access the system. I did not log it where the control connects because
a) I don't have access to the server that validates the users and b)Only our
site needs this data.

So problem solved. KeyPreview saved it for me.

Spam Catcher

"John Wright" <> wrote in
news:e56me#.gbl:

> Voila, I was
> able to capture who logged on. Now I can see who has tried to access
> the dataware house and when. This is an auditing procedure we must
> follow in our industry due to the data being stored. Since I was
> forced to use this control, I "hacked" it to see who was trying to
> access the system. I did not log it where the control connects
> because a) I don't have access to the server that validates the users
> and b)Only our site needs this data.

OK, you proved your point that the control is insecure... but that's
trivial since any keylogger could do what you did.

If you believe your type of auditing is secure, you're kidding yourself.
You should really get access to the login reports and generate your audit
logs from those.

Hacking the control to do what you've done is a poor mans solution ... and
hopefully you'll never need to rely on the data ;-)

--
(Do not e-mail)