|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
ConnectionStrings encryptionHello,
I just found the following article on how to encrypt connection strings in .config files with .NET 2.0: http://msdn2.microsoft.com/en-us/library/dtkwfdky.aspx However it focus on ASP.NET applications, and I also want to do it in Windows Forms applications. Is this possible? Could someone point me to a way to do it using the new .NET 2.0 Protected Configuration classes? Thanks in advance for any help given. Regards, paulo Here's another resource that discusses the issue in the context of
both Web and Windows forms: http://msdn2.microsoft.com/en-us/library/89211k9b.aspx. --Mary On Fri, 30 Jun 2006 17:13:10 +0100, paulo <isf@nospam.nospam> wrote: Show quoteHide quote >Hello, > >I just found the following article on how to encrypt connection strings >in .config files with .NET 2.0: > >http://msdn2.microsoft.com/en-us/library/dtkwfdky.aspx > >However it focus on ASP.NET applications, and I also want to do it in >Windows Forms applications. Is this possible? Could someone point me to >a way to do it using the new .NET 2.0 Protected Configuration classes? >Thanks in advance for any help given. > >Regards, >paulo well - encrypting stuff on the client doesn't really buy you any security.
if the app is able to decrypt it (running in the user's context) - then the user is able too... just keep that in mind... --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Here's another resource that discusses the issue in the context of > both Web and Windows forms: > http://msdn2.microsoft.com/en-us/library/89211k9b.aspx. > > --Mary > > On Fri, 30 Jun 2006 17:13:10 +0100, paulo <isf@nospam.nospam> wrote: > >> Hello, >> >> I just found the following article on how to encrypt connection >> strings in .config files with .NET 2.0: >> >> http://msdn2.microsoft.com/en-us/library/dtkwfdky.aspx >> >> However it focus on ASP.NET applications, and I also want to do it in >> Windows Forms applications. Is this possible? Could someone point me >> to a way to do it using the new .NET 2.0 Protected Configuration >> classes? Thanks in advance for any help given. >> >> Regards, >> paulo You're absolutely right -- in a Windows app encrypting config sections
is good only for obfuscation. --Mary On Sun, 2 Jul 2006 07:34:32 +0000 (UTC), Dominick Baier [DevelopMentor] <dbaier@pleasepleasenospamdevelop.com> wrote: Show quoteHide quote >well - encrypting stuff on the client doesn't really buy you any security. > >if the app is able to decrypt it (running in the user's context) - then the >user is able too... > >just keep that in mind... > >--------------------------------------- >Dominick Baier - DevelopMentor >http://www.leastprivilege.com > >> Here's another resource that discusses the issue in the context of >> both Web and Windows forms: >> http://msdn2.microsoft.com/en-us/library/89211k9b.aspx. >> >> --Mary >> >> On Fri, 30 Jun 2006 17:13:10 +0100, paulo <isf@nospam.nospam> wrote: >> >>> Hello, >>> >>> I just found the following article on how to encrypt connection >>> strings in .config files with .NET 2.0: >>> >>> http://msdn2.microsoft.com/en-us/library/dtkwfdky.aspx >>> >>> However it focus on ASP.NET applications, and I also want to do it in >>> Windows Forms applications. Is this possible? Could someone point me >>> to a way to do it using the new .NET 2.0 Protected Configuration >>> classes? Thanks in advance for any help given. >>> >>> Regards, >>> paulo > That's what I'm looking for!
Thank you for your advice. Regards, paulo Mary Chipman [MSFT] wrote: Show quoteHide quote > You're absolutely right -- in a Windows app encrypting config sections > is good only for obfuscation. > > --Mary > > On Sun, 2 Jul 2006 07:34:32 +0000 (UTC), Dominick Baier > [DevelopMentor] <dbaier@pleasepleasenospamdevelop.com> wrote: > >> well - encrypting stuff on the client doesn't really buy you any security. >> >> if the app is able to decrypt it (running in the user's context) - then the >> user is able too... >> >> just keep that in mind... >> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >> >>> Here's another resource that discusses the issue in the context of >>> both Web and Windows forms: >>> http://msdn2.microsoft.com/en-us/library/89211k9b.aspx. >>> >>> --Mary >>> >>> On Fri, 30 Jun 2006 17:13:10 +0100, paulo <isf@nospam.nospam> wrote: >>> >>>> Hello, >>>> >>>> I just found the following article on how to encrypt connection >>>> strings in .config files with .NET 2.0: >>>> >>>> http://msdn2.microsoft.com/en-us/library/dtkwfdky.aspx >>>> >>>> However it focus on ASP.NET applications, and I also want to do it in >>>> Windows Forms applications. Is this possible? Could someone point me >>>> to a way to do it using the new .NET 2.0 Protected Configuration >>>> classes? Thanks in advance for any help given. >>>> >>>> Regards, >>>> paulo 
Other interesting topics
At What Point Does the Security Begin?
Certification Authority, code signing, code access AzMan connection problems Programmatically Install Certificate into Windows Certificate Store Kerberos and forms authentication Loading permission sets Deploying Framework 2.0 application to a network location How to: check for firewall blocking? CheckSignature & Revocation Server Proxy server authentication |
|||||||||||||||||||||||
