Let's share my experience.
A few days ago, I thought it was a good idea to protect some of my indicators with that "protection". To keep a minimum of compatibility (compared to sef), I thought it was a light but nice protection.
I put a password on about 60 indicators, then export my files. Yeah nice, before to share them with someone, I had the good idea to open that fabulous PLA format!
Let's take an example,
Code: Select all
<?xml version="1.0" encoding="UTF-16" standalone="yes"?>
<Graph>
<GraphNode>
<data first="i_Aaroon" second="1"/>
<signature ObligatoryParamCount="0" RetType="0" StorageType="32"/>
<StudyProperties BarRefMode="1" BarRefValue="50" SaveAsSymbol="0" SemilogAxis="1" UpdateOnEveryTick="1">
<PlotInfo Color="255" IsExists="1" Name="hi" Num="1" ShowLastPriceMarker="1" Style="0" Type="0" Width="0"/>
<PlotInfo Color="16711680" IsExists="1" Name="lo" Num="2" ShowLastPriceMarker="1" Style="0" Type="0" Width="0"/>
<PlotInfo Color="16776960" IsExists="1" Name="hiref" Num="3" ShowLastPriceMarker="1" Style="0" Type="0" Width="0"/>
<PlotInfo Color="65535" IsExists="1" Name="loref" Num="4" ShowLastPriceMarker="1" Style="0" Type="0" Width="0"/>
</StudyProperties>
<PasswordState IsProtectedByPassword="1" Password="ceJroSnS5jbYy8TS7afdyQ=="/>
<NodeText Encoded="1">e1RISVMgSVMgQU4gQVJPT059CgppbnB1dDp0aG9sZCgyMCksbGVuZ3RoKDI1KTsKdmFyOmhpcmVm
KDApLGxvcmVmKDApOwpoaXJlZj0xMDAqKChsZW5ndGgtbnRoaGlnaGVzdGJhcigxLGgsbGVuZ3Ro
KSkvbGVuZ3RoKTsKbG9yZWY9MTAwKigobGVuZ3RoLW50aGxvd2VzdGJhcigxLGwsbGVuZ3RoKSkv
bGVuZ3RoKTsKcGxvdDEoaGlyZWYsImhpIik7CnBsb3QyKGxvcmVmLCJsbyIpOwpwbG90Myg1MCt0
aG9sZCwiaGlyZWYiKTsKcGxvdDQoNTAtdGhvbGQsImxvcmVmIik7Cgp7IElmIHlvdSBjYW4gcmVh
ZCB0aGF0Li4uIGl0IHN1Y2tzLi4uIH0K
</NodeText>
</GraphNode>
</Graph>
Moderator's Note: [edited out]
So I do not understand why you do not use AES256, you prompt the password to the user and you encrypt the content in AES.... just simple for a developper and 100000000 times secure.
Now there's the SEF export, but I'm sure there no special security on this format, it's just compiled code you may reverse it (I'm ok with the fact it will take clearly much timer but it was possible for TS/eld).
So why don't you implement a REAL security mechanism to have a minimum of security.
I know things are not unbreakable (specially on thick client), but just a minimum please.
I'm sad tonight!
Best Regards