The question is simple: How secure is a compiled app?
(don’t know if there are differences between mac / win / linux)
Meaning: could a saved database password, for example, be extracted from a compiled app?
For me, this is most important!
And not so important, but just curious…
Can a window, for example, that is only accessible in debug mode be opened?
(I imagine it’s inside the compiled application, even if it’s only accessible in debug mode)
They can, and it’s not that hard. In short, don’t do this. You can try to hide them by using obfuscation, but this just makes it harder to extract them, not impossible.
Yes, it can. This is no easy task, but there are tools available which will enable such behaviour.
Passwords can be difficult to protect even if they are encrypted.
As soon as you decrypt the password it will be available in memory as clear text and you will be able to find it by performing a memory dump (which on Windows can be done easily via the Task Manager).
The obvious solution is to clear the variable as soon as you have finished with it. This can be done with a Xojo memory block but can’t be done with a Xojo string which means the data will still be present in a memory dump until the operating system reuses that memory.
Some other things to consider:
If you perform any operations such as converting between strings and memory blocks or string manipulation, then the data might be copied and could remain in memory.
If you supply the password to something that is not your code (database connection / HTTP request / FTP request etc…) you have lost control of it and you might find more copies appear in memory dumps.
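
The first reply says a stored password can be extracted from a compiled app. As an added example that is not part of the original thread, this Python check scans a build for printable ASCII and UTF-16LE runs that look like credentials, so they can be caught before release. `SAMPLE_BUILD`, the keyword list and every value in it are constructed for illustration.

```python
import re

# Constructed stand-in for a compiled binary: filler bytes around an ASCII
# connection string and a UTF-16LE literal. Not taken from any real build.
SAMPLE_BUILD = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(16)
    + b"host=db.example.test;user=app;password=Example-Pass-123\x00"
    + b"\x90\x90\xc3\x00"
    + "api_key=CONSTRUCTED-KEY-0001".encode("utf-16-le") + b"\x00\x00"
    + b"About this application\x00"
)

# Keywords that suggest a credential sits in the literal (assumed list).
SECRET_HINT = re.compile(
    r"(?i)(passw(or)?d|pwd|secret|api[_-]?key|token)\s*[=:]\s*\S+"
)

MIN_LEN = 6  # printable runs shorter than this are ignored as noise


def printable_runs(data: bytes, min_len: int = MIN_LEN):
    """Yield (offset, encoding, text) for ASCII and UTF-16LE printable runs."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_run.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_run.finditer(data):
        yield m.start(), "utf-16-le", m.group().decode("utf-16-le")


def find_embedded_secrets(data: bytes):
    """Return the printable runs that look like embedded credentials."""
    findings = []
    for offset, encoding, text in printable_runs(data):
        if SECRET_HINT.search(text):
            findings.append((offset, encoding, text))
    return sorted(findings)


if __name__ == "__main__":
    for offset, encoding, text in find_embedded_secrets(SAMPLE_BUILD):
        print(f"0x{offset:04x} {encoding:9} {text}")
```

A hit means the literal ships in the binary in readable form. An empty result does not show that a secret is safe, since an obfuscated or encrypted value still becomes clear text in memory once the app uses it, as the replies above point out.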