D
Dominick Baier [DevelopMentor]
thanks for pointing that out. fixed.
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#[email protected]>
Dominick,
The download link for your dpapi tools is not functional.
Could you please check the site and your zip file?
Thanks,
Phil
[microsoft.public.dotnet.framework.aspnet.security]
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#[email protected]>
Dominick,
The download link for your dpapi tools is not functional.
Could you please check the site and your zip file?
Thanks,
Phil
Phil C. said:Thanks Dominick,
I think this ties in with Svein's last reply regarding creating a dll.
I will download it and try it.
Finding some answers to this question was difficult as I googled
considerably and looked
at a lot of .Net forums, but for some reason no one else seems to have
needed to document the answers.
Phil
Dominick Baier said:i wrote a couple of DPAPI tools (extended the ms impl, a command line tool
.. and a ASP.NET frontend) - just upload the single aspx file to the
server and you can encrypt whatever strings you like with DPAPI...don't
forget to secure that page (or better delete it when you are finished)
download:
http://www.leastprivilege.com/PermaLink.aspx?guid=ebd9956e-a36c-4b57-8d58-6ff79a60e43f
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<[email protected]>
Hi.
I'd like to use an encrypted database connection string. I'd also like
use
an encrypted set of customer tables with a symmetric algorithm (and a
secure
symmetric key) generated by .Net in my sql server database from asp.net
code stored on a shared host asp.net server.
I've downloaded a set of vb.net code that is a rewrite of the c# dpapi
code posted on msdn. The dpapi should enable me to encrypt the connection
string, but the portion of the code that calls the encryption class and
encrypts a given string is a console application.
The article accompanying the code states: "Note that you'll need to run
the
console application on the IIS server to generate the encrypted
base-64-encoded string. this is because the EncryptString function
instructs the DPAPI to use the machine-wide key, so the encryption and
ecryption will be valid only on the same machine.
Since this is on a shared host thousands of miles away, and I don't
belive
I can run any local console code on it,
does this mean I'm sunk????
Basically I need some secure way of storing my encrypted connection
string
and storing
my symmetric encryption key. I know how to write the code to use the keys
and algorithms to encrypt and decrypt things.
I suppose I could hide bits and pieces of the each key
in different places in the code or database and append them together by
hardcoding, but
I believe that that could be discovered???? by dissassembling my code
unless
I use a professional obfuscator???.
HELP!
--Insecure in Boston, MA
-->GO PATRIOTS!!!!!!!!!!!!!!!
[microsoft.public.dotnet.framework.aspnet.security]
[microsoft.public.dotnet.framework.aspnet.security]