Re: Configuration Managment Aplication Block
From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 02/27/04
- Previous message: Jan Jones: "Signed Code Publisher Policies broken in .NET 1.1!"
- In reply to: Damian: "Configuration Managment Aplication Block"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Feb 2004 12:55:06 -0300
Damian:
A config file is never a secure place to store secrets. However, you can ACL
this file on order to restrict access to specific accounts. If you are using
the "ProtectionProviders" that comes with CMAB, you can store the encryption
and sign keys in a registry entry, and of course ACL as well. On the other
hand, recall that CMAB goal is not to store sensitive data, but with this
hints, you should get the job done.
For more info see:
http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
"Damian" <t-damianl@infocorp.com.uy> wrote in message
news:uhF9hOU$DHA.684@tk2msftngp13.phx.gbl...
> Hi all,
>
> I've read the CMAB and I don't understand one thing :
>
>
>
> The center of all the CMAB is the .config files but this file
is
> not a secure place to store all the data, is it ?
>
> What happen if someone get holds of the .config and modifies
for
> example the encryptation flag of the configProvider section ?????
>
> I would like to know some way to secure the .config file. Is
it
> possible ??? If it is not, the CMAB dose not make any sense
>
>
- Previous message: Jan Jones: "Signed Code Publisher Policies broken in .NET 1.1!"
- In reply to: Damian: "Configuration Managment Aplication Block"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
