Problems with Dpapi Tools zip download link

Discussion in 'ASP .Net Security' started by Dominick Baier [DevelopMentor], Jan 25, 2005.

  1. thanks for pointing that out. fixed.



    ---
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#>

    Dominick,

    The download link for your dpapi tools is not functional.
    Could you please check the site and your zip file?

    Thanks,

    Phil



    "Phil C." <> wrote in message
    news:%...
    > Thanks Dominick,
    >
    > I think this ties in with Svein's last reply regarding creating a dll.
    > I will download it and try it.
    >
    > Finding some answers to this question was difficult as I googled
    > considerably and looked
    > at a lot of .Net forums, but for some reason no one else seems to have
    > needed to document the answers.
    >
    > Phil
    >
    > "Dominick Baier [DevelopMentor]" <>
    > wrote in message news:...
    >>i wrote a couple of DPAPI tools (extended the ms impl, a command line tool
    >>.. and a ASP.NET frontend) - just upload the single aspx file to the
    >>server and you can encrypt whatever strings you like with DPAPI...don't
    >>forget to secure that page (or better delete it when you are finished)
    >>
    >> download:
    >> http://www.leastprivilege.com/PermaLink.aspx?guid=ebd9956e-a36c-4b57-8d58-6ff79a60e43f
    >>
    >>
    >>
    >> ---
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>
    >>
    >> nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<>
    >>
    >> Hi.
    >>
    >> I'd like to use an encrypted database connection string. I'd also like
    >> use
    >> an encrypted set of customer tables with a symmetric algorithm (and a
    >> secure
    >> symmetric key) generated by .Net in my sql server database from asp.net
    >> code stored on a shared host asp.net server.
    >>
    >> I've downloaded a set of vb.net code that is a rewrite of the c# dpapi
    >> code posted on msdn. The dpapi should enable me to encrypt the connection
    >> string, but the portion of the code that calls the encryption class and
    >> encrypts a given string is a console application.
    >>
    >> The article accompanying the code states: "Note that you'll need to run
    >> the
    >> console application on the IIS server to generate the encrypted
    >> base-64-encoded string. this is because the EncryptString function
    >> instructs the DPAPI to use the machine-wide key, so the encryption and
    >> ecryption will be valid only on the same machine.
    >>
    >> Since this is on a shared host thousands of miles away, and I don't
    >> belive
    >> I can run any local console code on it,
    >> does this mean I'm sunk????
    >>
    >> Basically I need some secure way of storing my encrypted connection
    >> string
    >> and storing
    >> my symmetric encryption key. I know how to write the code to use the keys
    >> and algorithms to encrypt and decrypt things.
    >>
    >> I suppose I could hide bits and pieces of the each key
    >> in different places in the code or database and append them together by
    >> hardcoding, but
    >> I believe that that could be discovered???? by dissassembling my code
    >> unless
    >> I use a professional obfuscator???.
    >>
    >> HELP!
    >>
    >> --Insecure in Boston, MA
    >> -->GO PATRIOTS!!!!!!!!!!!!!!!
    >>
    >>
    >>
    >> [microsoft.public.dotnet.framework.aspnet.security]

    >
    >




    [microsoft.public.dotnet.framework.aspnet.security]
     
    Dominick Baier [DevelopMentor], Jan 25, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve C. Orr [MVP, MCSD]
    Replies:
    0
    Views:
    1,666
    Steve C. Orr [MVP, MCSD]
    Mar 7, 2005
  2. m.niinimaki
    Replies:
    9
    Views:
    1,107
    steph
    Aug 29, 2010
  3. Martin

    Further DPAPI (user store) problems

    Martin, Sep 12, 2004, in forum: ASP .Net Security
    Replies:
    8
    Views:
    198
    Martin
    Sep 22, 2004
  4. Phil C.

    DpAPI Encrypted Aes Key Problems

    Phil C., Mar 5, 2005, in forum: ASP .Net Security
    Replies:
    0
    Views:
    344
    Phil C.
    Mar 5, 2005
  5. Replies:
    1
    Views:
    115
Loading...

Share This Page