Application Object

[Mike]

How easy is it for a hacker to access data stored in the Application Object in IIS server. I want to store a decrpyted connection string there rather that decrypting it everytime I access the database. Currently I use dpapi on a encryption key stored in the registry the use the encrytion key to decrypt the connection string. Using windows authentication is not an option since the iis server is in the dmz

Thanks

 

[WJ]

When you say "Application Object" I assume that you mean Global Asax. I
think Global Asax is safe to store sensitive data while your user surfing
your site. Unless there is an insider help to plant a code inside your box
to monitor and snatch the data, I donot think how hackers can do this from
outside.

John

How easy is it for a hacker to access data stored in the Application

Object in IIS server. I want to store a decrpyted connection string there
rather that decrypting it everytime I access the database. Currently I use
dpapi on a encryption key stored in the registry the use the encrytion key
to decrypt the connection string. Using windows authentication is not an
option since the iis server is in the dmz.

 

[Mike]

Hi, John thanks for replying, what I mean by application object is the "Application" collection stored in the memory of the iis server

From MSDN

Platform SDK: Internet Information Services

Application Objec

You can use the Application object to share information among all users of a given application. An ASP-based application is defined as all the .asp files in a virtual directory and its subdirectories. Because the Application object can be shared by more than one user, there are Lock and Unlock methods to ensure that multiple users do not try to alter a property simultaneously