Sal
Unfortunately our organisation isn't planning to migrate to .NET 2.0 for a
while and I need to tighten the security of the data
(usernames/pwd/connstrings) in our *.config files.
From the research I have done, a possible solution is to use DPAPI (Machine)
+ Isolated Storage. I was planning on creating a shared .dll to hold the
encrypting/decrypting DPAPI functions for the various applications on the
server to reference in decrypting values in the *.config files, which would
then be stored in an Application Session variable on Application_Start
(Globals.asax). I was going to use Isolated Storage to store the Second
Entropy to be used as part of the encryption and store it (in encrypted
format). Yes, I know Isolated Storage is not to be used for storing secret
data, but the key is in cipher-text and its location is better than just
putting it in the code.
Has anyone employed something similar, or can offer an opinion?
TIA
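
The DPAPI (Machine) plus secondary-entropy helper described in the post, as an added example that is not part of the original post: .NET 1.1 has no managed DPAPI wrapper (ProtectedData arrived in 2.0), so the shared .dll calls crypt32.dll through P/Invoke. The class name MachineDpapi is hypothetical, and the entropy bytes are assumed to be loaded by the caller from wherever it keeps them.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// MachineDpapi is a hypothetical name for the class in the shared helper assembly.
public sealed class MachineDpapi
{
    private const int CRYPTPROTECT_UI_FORBIDDEN = 0x1;   // never prompt (server process)
    private const int CRYPTPROTECT_LOCAL_MACHINE = 0x4;  // machine store: any user on this machine can decrypt

    [StructLayout(LayoutKind.Sequential)]
    private struct DATA_BLOB { public int cbData; public IntPtr pbData; }

    [DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool CryptProtectData(ref DATA_BLOB dataIn, string descr,
        ref DATA_BLOB entropy, IntPtr reserved, IntPtr prompt, int flags, ref DATA_BLOB dataOut);

    [DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool CryptUnprotectData(ref DATA_BLOB dataIn, IntPtr descr,
        ref DATA_BLOB entropy, IntPtr reserved, IntPtr prompt, int flags, ref DATA_BLOB dataOut);

    [DllImport("kernel32.dll")]
    private static extern IntPtr LocalFree(IntPtr mem);

    public static byte[] Protect(byte[] plain, byte[] entropy) { return Transform(plain, entropy, true); }
    public static byte[] Unprotect(byte[] cipher, byte[] entropy) { return Transform(cipher, entropy, false); }

    // Both arrays must be non-null; they are pinned so native code sees stable addresses.
    private static byte[] Transform(byte[] input, byte[] entropy, bool protect)
    {
        DATA_BLOB inBlob = new DATA_BLOB(), entBlob = new DATA_BLOB(), outBlob = new DATA_BLOB();
        GCHandle hIn = GCHandle.Alloc(input, GCHandleType.Pinned);
        GCHandle hEnt = GCHandle.Alloc(entropy, GCHandleType.Pinned);
        try
        {
            inBlob.cbData = input.Length; inBlob.pbData = hIn.AddrOfPinnedObject();
            entBlob.cbData = entropy.Length; entBlob.pbData = hEnt.AddrOfPinnedObject();
            int flags = CRYPTPROTECT_UI_FORBIDDEN | (protect ? CRYPTPROTECT_LOCAL_MACHINE : 0);
            bool ok = protect
                ? CryptProtectData(ref inBlob, null, ref entBlob, IntPtr.Zero, IntPtr.Zero, flags, ref outBlob)
                : CryptUnprotectData(ref inBlob, IntPtr.Zero, ref entBlob, IntPtr.Zero, IntPtr.Zero, flags, ref outBlob);
            if (!ok) throw new Win32Exception(Marshal.GetLastWin32Error());
            byte[] result = new byte[outBlob.cbData];
            Marshal.Copy(outBlob.pbData, result, 0, result.Length);
            return result;  // DPAPI allocated the output buffer; it is released in finally
        }
        finally
        {
            if (outBlob.pbData != IntPtr.Zero) LocalFree(outBlob.pbData);
            hIn.Free(); hEnt.Free();
        }
    }
}
```

With the machine store, the entropy value is the only thing separating these applications from other code running on the same server, so the access control on wherever it is kept matters more than how it is encoded.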