RE: Better security

Hello Dave,

Based on the nature of the question you mentioned, it is somewhat a pure
security & cryptography question.

I'm not sure the exact application code logic in your scenario(such as the
front end, backend and intermediate's processing on data and the user/role
based security strategry), would you further explain it? For example, how
will the three users(A,B,C) work in your application(or in different
application tier).

Generally, for symmetric cryptography, a key problem is the key
distribution and key management. Only the sender and receiver should own
the key. For example, if A and B want to exhange data through symmetric
data encryption, only A,B will share a key. And if they want to let a 3rd
party(such as user C) to maintain the data, then, they should offer C the
encrypted data(rather than plain text).

Please feel free to let me know your actual requirement and concerns.


Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.