Securely check an APPDATA variable
2 views (last 30 days)
I am experimenting with pcode and I considered adding password protection to my script. The basic idea is that the script should prompt the user for their password before execution of the main code.
The entered password is hashed according to Jan Simon's DataHash.m, and then checked against the p-coded hash. If the credentials are a match, I want to set a flag which prevents the user from being prompted again for their credentials until the next MATLAB session.
My initial idea was to set an APPDATA variable in the root, since this is automatically cleared once MATLAB is shut down. However, there is nothing stopping the user from looking up the names of the APPDATA variables with app=getappdata(0.0) and simply noticing the value of the flag. Then, for all future MATLAB sessions they could just set the same APPDATA variable with this flag and bypass the password check.
Since I am not well-versed in cryptography and data security, I am wondering if there is a straightforward way to obscure this "flag" so that it is non-trivial for the user to hack its value?