|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
|
Hi,
How does the DPAPI work when using machinestore? Does all users on the machine have access to the encrypted data? Or is it possible to set an access list? Johan Yes all users on that machine can decrypt the DPAPI encrypted data if you use
CRYPTPROTECT_LOCAL_MACHINE flag. You should therefore ALSO considering adding ACL control to the encrypted data, and also you might want to add additional pOptionalEntropy password protection. See also Writing Secure Code, 2nd Edn. p. 306 pp - Mitch Gallant MVP Security Show quoteHide quote "Johan" <jo***@home.se> wrote in message news:d74e0d$iuu$1@ulric.tng.de... > Hi, > How does the DPAPI work when using machinestore? Does all users on the > machine have access to the encrypted data? > Or is it possible to set an access list? > > Johan 
Other interesting topics
Appl. Security Problems
Impersonation through HttpModule hotmail Security exception related to network Data security/filtering on attribute values How many keys? IIS / SQL Server impersonation Why CAS doesn't stop things in ASP.NET apps problem:referenced assembly "XPCommonControls(a free third party component)" has no strongName. Migrating users to asp.net 2.0 from CSK and setting passwords |
|||||||||||||||||||||||
