Better security

[David Thielen]

Hi;

First off, if you have not read Dominick Baier's book yet - GO READ IT
NOW. That is the book I wish I had read first - would have saved me
boatloads of time.

Ok, on to the question. It seems to me the best way to store secrets
that we need to plaintext of (ie can't just hash and save the hash) is
to:

Have person A know the connection string to the database.

Have person B know the symentric key used to encrypt the secrets

Have person C be the only one with access to the server and to the
web.config file.

The question is, how do we get the ifno from person's A & B into the
Web.Config file and encrypted in the Web.Config file. If person C does
that they've seen them unencrypted. If person A & B do it, they are
then on the server for a short period of time.

??? - thanks - dave

david@[email protected]
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[David Thielen]

Asking again via the MS Web page so it's marked as a MSDN question.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Hello Dave,

Based on the nature of the question you mentioned, it is somewhat a pure
security & cryptography question.

I'm not sure the exact application code logic in your scenario(such as the
front end, backend and intermediate's processing on data and the user/role
based security strategry), would you further explain it? For example, how
will the three users(A,B,C) work in your application(or in different
application tier).

Generally, for symmetric cryptography, a key problem is the key
distribution and key management. Only the sender and receiver should own
the key. For example, if A and B want to exhange data through symmetric
data encryption, only A,B will share a key. And if they want to let a 3rd
party(such as user C) to maintain the data, then, they should offer C the
encrypted data(rather than plain text).

Please feel free to let me know your actual requirement and concerns.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[David Thielen]

Because of the username and password in it to connect to the database. Am I
missing something here?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Hi Dave,

I'm afraid this is a bit hard. One question, why user A and B can not give
the encrypted connectionstring to C and let it store into the web.config
file? And can't they retrieve the encrypted one later and decrypt them in
their own context?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Dominick Baier]

get rid of passwords in connection strings.....

 

[Steven Cheng[MSFT]]

Hi Dave,

Yes, use aspnet_regiis is one way to encrypt the content so that only
ASP.NET runtime can decrypt it. However, for your scenario, you only want
A,B to know the key and be able to encrypt and decrypt the
connectionstring, this violate the usage of ASP.NET/.NET 2.0's
configuration protection/encryption. So I think you can review your current
security design here to see whether any other approach should be better?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.