Re: Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 17 Jul 2006 21:03:58 +0000 (UTC)
and also add a hardcoded entropy when you are using the machine key. raises the bar a *little* bit more.
dominick
That said, per machine DPAPI encryption of the connection string is
probably the way to go. That would allow all users on the machine to
read the data programmatically, while not leaving the data sitting out
in plain text. You would probably want to write a custom action for
your installer that does this.
Of course, the CA will have the plain text data, so then you need to
figure out how to hide the data in the CA. Additionally, a smart user
will be able to get the plain text data as your program can do it.
Essentially, you are only raising the bar.
Joe K.
.
- Follow-Ups:
- References:
- Re: Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
- Prev by Date: Re: Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
- Next by Date: Re: Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
- Previous by thread: Re: Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
- Next by thread: Re: Help encrypt conn string - no ASP, no server, can't protect keys, can't use Windows Authentication
- Index(es):
Relevant Pages
|
