Better security


First off, if you have not read Dominick Baier's book yet - GO READ IT
NOW. That is the book I wish I had read first - would have saved me
boatloads of time.

Ok, on to the question. It seems to me the best way to store secrets
that we need to plaintext of (ie can't just hash and save the hash) is

Have person A know the connection string to the database.

Have person B know the symentric key used to encrypt the secrets

Have person C be the only one with access to the server and to the
web.config file.

The question is, how do we get the ifno from person's A & B into the
Web.Config file and encrypted in the Web.Config file. If person C does
that they've seen them unencrypted. If person A & B do it, they are
then on the server for a short period of time.

??? - thanks - dave
Windward Reports --
me --

Cubicle Wars -