Better security
- From: David Thielen <thielen@xxxxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 11:05:11 -0700
Hi;
First off, if you have not read Dominick Baier's book yet - GO READ IT
NOW. That is the book I wish I had read first - would have saved me
boatloads of time.
OK, on to the question. It seems to me the best way to store secrets
that we need the plaintext of (i.e. can't just hash and save the hash) is
to:
Have person A know the connection string to the database.
Have person B know the symmetric key used to encrypt the secrets
Have person C be the only one with access to the server and to the
web.config file.
The question is, how do we get the info from persons A & B into the
Web.Config file and encrypted in the Web.Config file. If person C does
that they've seen them unencrypted. If person A & B do it, they are
then on the server for a short period of time.
??? - thanks - dave
david@at-at-at@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com
Cubicle Wars - http://www.windwardreports.com/film.htm