Generating a CheckSum
A CheckSum is a single number that acts as a signature for a larger amount
of data. Its original use was to provide a way of checking that a message
had been transmitted correctly across an unreliable link. The checksum
would be calculated by the sender and sent in the same transmission as the
text of the message. The receiver would then recalculate the checksum of
the text received and compare this with the checksum transmitted. If the
two numbers matched then that would indicate that the message had very
probably been received correctly. If they did not match then either the
message or the CheckSum must have been corrupted and the recipient would
request a repeat transmission.
FoxPro provides two Sys functions which you
can use to generate a checksum as a 16-bit or 32-bit number. One of these
functions bases the checksum on a string of text, the other works from a
complete record.
Sys 2007
Use the Sys (2007) function to generate a
16-bit or 32-bit CheckSum from a string:
?Sys(2007, 'Test')
will print "10376", the 16-bit checksum of the word "Test". Note that
this is a string of digits, not an integer.
Pass two extra parameters to Sys(2007) to generate a 32-bit checksum:
?Sys(2007, 'Test', 0, 1)
This will print "2018365746", the 32-bit checksum of the word "Test". This too is
a numeric string, not an integer.
Note that both checksum algorithms are case-sensitive because they are dealing with
the ASCII representation
of the characters. The 16-bit checksum for the word "test" is "8134" rather than the
"10376" that was calculated for "Test".
Security
You can improve the security of your application by storing the checksum of
a password instead of the password itself. When the user logs in, take the
checksum of the password they enter and compare it with the number stored in
the login table.
Using a checksum in this way means that nobody - not even the developer - can
read the login table and see a user's password in plain view. If the intruder
does have a copy of FoxPro and if they have plenty of time to spare then they
could try calculating the checksums of all the likely passwords. This is a
long job but not a totally impossible one so do not rely on this simple
technique if your system must have absolute security.
Sys 2017
Use the Sys(2017) function to generate a CheckSum
from the current record inthe current work area:
?Sys(2017)
You can use this function to detect unauthorised changes to data. Add
an extra field to the table and use Sys(2017)
to calculate the checksum whenever a record is added or modified. Any
authorised change to the data will be matched by a change to the stored
value of the checksum. If the checksum does not match then the data must
have been changed by somebody who was not using the correct data entry forms.
Another use for Sys (2007) is to detect whether
the user has made any changes to the current record. If you take the CheckSum
as the form loads and again when the user tries to close it then any change in
any of the fields will show up as a change in the value of the checksum. If
the 'before' and 'after' values are the same then no changes have been made to the
data. You can use the GetFldState() function to
give this information for buffered tables but that will record a change if the
user edits a field and then undoes the alteration so that the record actually
remains unchanged.
The Sys(2017) function can take extra parameters
to define which named fields are to be included in the calculation and whether
or not Memo fields are to be included.
|
