Re: Use Dpapi with Shared Asp.Net Web Host?
From: Phil C. (charlestek_at_rcn.com)
Date: 01/24/05
- Next message: WJ: "Re: Frontpage Server Extension a security problem?"
- Previous message: Phil C.: "Re: Use Dpapi with Shared Asp.Net Web Host?"
- In reply to: Dominick Baier [DevelopMentor]: "Use Dpapi with Shared Asp.Net Web Host?"
- Next in thread: Phil C.: "Problems with Dpapi Tools zip download link"
- Reply: Phil C.: "Problems with Dpapi Tools zip download link"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Jan 2005 16:34:48 -0500
Thanks Dominick,
I think this ties in with Svein's last reply regarding creating a dll.
I will download it and try it.
Finding some answers to this question was difficult as I googled
considerably and looked
at a lot of .Net forums, but for some reason no one else seems to have
needed to document the answers.
Phil
"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:eYHB8DlAFHA.936@TK2MSFTNGP12.phx.gbl...
>i wrote a couple of DPAPI tools (extended the ms impl, a command line tool
>.. and a ASP.NET frontend) - just upload the single aspx file to the server
>and you can encrypt whatever strings you like with DPAPI...don't forget to
>secure that page (or better delete it when you are finished)
>
> download:
> http://www.leastprivilege.com/PermaLink.aspx?guid=ebd9956e-a36c-4b57-8d58-6ff79a60e43f
>
>
>
> ---
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>
> nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/
>
> Hi.
>
> I'd like to use an encrypted database connection string. I'd also like use
> an encrypted set of customer tables with a symmetric algorithm (and a
> secure
> symmetric key) generated by .Net in my sql server database from asp.net
> code stored on a shared host asp.net server.
>
> I've downloaded a set of vb.net code that is a rewrite of the c# dpapi
> code posted on msdn. The dpapi should enable me to encrypt the connection
> string, but the portion of the code that calls the encryption class and
> encrypts a given string is a console application.
>
> The article accompanying the code states: "Note that you'll need to run
> the
> console application on the IIS server to generate the encrypted
> base-64-encoded string. this is because the EncryptString function
> instructs the DPAPI to use the machine-wide key, so the encryption and
> ecryption will be valid only on the same machine.
>
> Since this is on a shared host thousands of miles away, and I don't belive
> I can run any local console code on it,
> does this mean I'm sunk????
>
> Basically I need some secure way of storing my encrypted connection string
> and storing
> my symmetric encryption key. I know how to write the code to use the keys
> and algorithms to encrypt and decrypt things.
>
> I suppose I could hide bits and pieces of the each key
> in different places in the code or database and append them together by
> hardcoding, but
> I believe that that could be discovered???? by dissassembling my code
> unless
> I use a professional obfuscator???.
>
> HELP!
>
> --Insecure in Boston, MA
> -->GO PATRIOTS!!!!!!!!!!!!!!!
>
>
>
> [microsoft.public.dotnet.framework.aspnet.security]
- Next message: WJ: "Re: Frontpage Server Extension a security problem?"
- Previous message: Phil C.: "Re: Use Dpapi with Shared Asp.Net Web Host?"
- In reply to: Dominick Baier [DevelopMentor]: "Use Dpapi with Shared Asp.Net Web Host?"
- Next in thread: Phil C.: "Problems with Dpapi Tools zip download link"
- Reply: Phil C.: "Problems with Dpapi Tools zip download link"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
