P
Phil C.
Hi.
I'd like to use an encrypted database connection string. I'd also like use
an encrypted set of customer tables with a symmetric algorithm (and a secure
symmetric key) generated by .Net in my sql server database from asp.net
code stored on a shared host asp.net server.
I've downloaded a set of vb.net code that is a rewrite of the c# dpapi
code posted on msdn. The dpapi should enable me to encrypt the connection
string, but the portion of the code that calls the encryption class and
encrypts a given string is a console application.
The article accompanying the code states: "Note that you'll need to run the
console application on the IIS server to generate the encrypted
base-64-encoded string. this is because the EncryptString function
instructs the DPAPI to use the machine-wide key, so the encryption and
ecryption will be valid only on the same machine.
Since this is on a shared host thousands of miles away, and I don't belive
I can run any local console code on it,
does this mean I'm sunk????
Basically I need some secure way of storing my encrypted connection string
and storing
my symmetric encryption key. I know how to write the code to use the keys
and algorithms to encrypt and decrypt things.
I suppose I could hide bits and pieces of the each key
in different places in the code or database and append them together by
hardcoding, but
I believe that that could be discovered???? by dissassembling my code unless
I use a professional obfuscator???.
HELP!
--Insecure in Boston, MA
-->GO PATRIOTS!!!!!!!!!!!!!!!
I'd like to use an encrypted database connection string. I'd also like use
an encrypted set of customer tables with a symmetric algorithm (and a secure
symmetric key) generated by .Net in my sql server database from asp.net
code stored on a shared host asp.net server.
I've downloaded a set of vb.net code that is a rewrite of the c# dpapi
code posted on msdn. The dpapi should enable me to encrypt the connection
string, but the portion of the code that calls the encryption class and
encrypts a given string is a console application.
The article accompanying the code states: "Note that you'll need to run the
console application on the IIS server to generate the encrypted
base-64-encoded string. this is because the EncryptString function
instructs the DPAPI to use the machine-wide key, so the encryption and
ecryption will be valid only on the same machine.
Since this is on a shared host thousands of miles away, and I don't belive
I can run any local console code on it,
does this mean I'm sunk????
Basically I need some secure way of storing my encrypted connection string
and storing
my symmetric encryption key. I know how to write the code to use the keys
and algorithms to encrypt and decrypt things.
I suppose I could hide bits and pieces of the each key
in different places in the code or database and append them together by
hardcoding, but
I believe that that could be discovered???? by dissassembling my code unless
I use a professional obfuscator???.
HELP!
--Insecure in Boston, MA
-->GO PATRIOTS!!!!!!!!!!!!!!!