Okay so I have a program, but when it launches the user has to enter a username and password. This login system is on a different form from the rest of the program. There are two things I would like to implement, but I need some help. This is for a gr. 10 IT task.

1. At the moment the password and username is a constant declared in the program and thus is not changeable to the user's preference. I would like to make it changeable, but then I can't use constants I believe. I tried using a text file to store the passcode in, but ultimately that isn't very secure, because the text file could just be deleted, edited or read to gain access to the application. Is there a way that I can permanently change the program's constants, like the program changing it's own source or something like that(I really doubt that this is possible). How can I implement a real secure way of making a changeable password. (Keep in mind I am only grade ten and if it's too complicated my teacher will know it's not my own work).

2. When the password has been entered the login form hides itself and the actual program's form shows up. Now when I hit the close button on this form, it closes, but in the debugger it shows it's still running, although there is no sign of the program running in windows. Why is this?

Any answers to the above questions are welcomed and would be deeply appreciated. Please make the solutions as simple as possible, so my teacher won't realize it's not my work. Thank you DaniWebbers.

On the contrary, we want your teacher recognize your code to your work and appreciate it, but we can give hints and stuff. I think maybe simple XOR encryption would be enough for you, as you probably do not want to use third party crypto modules.

I looked up the Wikipedia article for XOR, but the truth is that I have no idea how to implement this. Also, what is causing the problem in question 2?

You would ideally need to encrypt the password and store it in a constant place. For instance a database. You can even try storing it in the registry.

As for problem 2. What is the code behind the button?

Should be

Application.Terminate

as opposed to

ModalResult := mrCancel;

I was using the exit bitbutton, which has built in code. Perhaps the switch between the forms is incorrect. Currently it is form1.hide and form2.show.

Also, how could I make the password file so that it cannot be accessed, altered or deleted by anything but my application?

Also, how could I make the password file so that it cannot be accessed, altered or deleted by anything but my application?

No way you can ensure this. You should be able to detect alteration, but you cannot 100% prevent access, alteration or deletion.

No way you can ensure this. You should be able to detect alteration, but you cannot 100% prevent access, alteration or deletion.

So is there any other way of making a password login, that is secure and tamper proof?

It seems that nobody can give me a solution, I'm just going with the easy route and using a in-code password, shortcut that it is.

Okay I gave this thing some thought, and I want to know, is there something to add to Delphi through which I can change hard coded constants at runtime? Is that even possible?

Yes it is possible, but not recommended. If you can change it, then so can others (and therefore read it). Here's one option.

Ok everybody says that editing the .exe is way bad, so it seems registry is the way to go. How would I do this?

This article has been dead for over six months. Start a new discussion instead.