Re: Storing Client Certificates
From: Todd Bright (ToddBright_at_discussions.microsoft.com)
Date: 03/23/05
- Next message: Eugene Mayevski: "Re: Storing Client Certificates"
- Previous message: GoCMS: "RE: IIS "secure communications"and "certificate" sections disabled."
- In reply to: Dominick Baier [DevelopMentor]: "Re: Storing Client Certificates"
- Next in thread: Eugene Mayevski: "Re: Storing Client Certificates"
- Reply: Eugene Mayevski: "Re: Storing Client Certificates"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Storing Client Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Mar 2005 11:01:02 -0800
If someone hacked into the client machine and found the client cert they
could send form posts and/or files over to our server. So I wanted to "hide"
the client cert so noone but my app either knows where it is or can get to it.
"Dominick Baier [DevelopMentor]" wrote:
> Hello Todd,
>
> certs are no secret - a public key bundled with some extra info - why are
> you concerned with security?
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Is there a way in .Net to specify that an embedded resource can only
> > be accessed from within the assembly?
> >
> > Or, in general, what is the best/most secure way of storing a
> > client-side cert without having to have a user profile?
> >
> > Thanks,
> > Todd
>
>
>
>
- Next message: Eugene Mayevski: "Re: Storing Client Certificates"
- Previous message: GoCMS: "RE: IIS "secure communications"and "certificate" sections disabled."
- In reply to: Dominick Baier [DevelopMentor]: "Re: Storing Client Certificates"
- Next in thread: Eugene Mayevski: "Re: Storing Client Certificates"
- Reply: Eugene Mayevski: "Re: Storing Client Certificates"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Storing Client Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
