Re: Security - Best Encryption Tool
From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/02/04
- Next message: E.M.Smith: "Funky FormsAuthentication Cookie Behavior."
- Previous message: Jenicek_at_poh.cz: "Re: SSL comunications"
- In reply to: WJ: "Re: Security - Best Encryption Tool"
- Next in thread: WJ: "Re: Security - Best Encryption Tool"
- Reply: WJ: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Jun 2004 10:13:36 -0700
I don't think it is the issue of small vs. large. There are cases when DPAPI
is simply a very bad choice, such as encryption of data stored in a
database. Whether the application runs on one machine or many machines, it
does not matter. DPAPI can serve best for storing application configuration
settings (in .config file or registry), but again you really need to
understand the limitations and vulnerabilities, because in certain
situations DPAPI is no more secure than its alternatives. There is a
misconception that DPAPI is a silver bullet for data protection, but
unfortunately it is not. In some cases it can be the best option, in other
cases, it is not.
Alek
"WJ" <JohnWebbs@HotMail.Com> wrote in message
news:%23jpu7ZJSEHA.3420@TK2MSFTNGP11.phx.gbl...
>
> "Svein Terje Gaup" <stgaup@broadpark.no.spam> wrote in message
> news:u1QY4SCSEHA.1256@TK2MSFTNGP09.phx.gbl...
> > Alek, I see now that you are right, and I stand corrected.
> >
>
> So it is safe to assume that DPAPI solution is best used in small and
single
> web site environment ?
>
> Thanks
>
> John
>
>
- Next message: E.M.Smith: "Funky FormsAuthentication Cookie Behavior."
- Previous message: Jenicek_at_poh.cz: "Re: SSL comunications"
- In reply to: WJ: "Re: Security - Best Encryption Tool"
- Next in thread: WJ: "Re: Security - Best Encryption Tool"
- Reply: WJ: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
