• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 207
  • Last Modified:

How to store secure login information while still able to modify

Hello Expert:
   Here is a question that I got hammer today. I have an application that go into a ERP system do a lot of transactions...etc But the problem is I have to have the login information to access the ERP, But I don't what to hardcoded in the application since those information might change in the future and might change freqeuently. But I don't want just have it on a text file or some readable files that someone can just look at it.
   What are my options? system registry? file password protections? text file encryption?
   Appreciate any suggestions!
0
pengbsam
Asked:
pengbsam
4 Solutions
 
JimBrandleyCommented:
The registry is not a safe place, unless you encrypt it. We encrypt the connection information and keep it in a config file. It works great for us.

Jim
0
 
SameerJagdaleCommented:
try this:

To encode:
Convert.ToBase64String()

To decode:
Convert.FromBase64String()
0
 
prosh0tCommented:
Yep encryption is your best bet.  I don't know how secure this situation needs to be for you, but in the case that you cannot have ANYBODY every getting ahold of this password and if you're creating the encryption algorithm yourself, there is something else to keep in mind that a lot of people don't know about.  An unsecured .NET .exe can easily be disassembled and converted back to the original source code (C#, or VB.NET) and so your encryption algorithm would be read easily by anybody, and then those pw's in the registry could easily be decrypted.  Check out "Lutz Roeders' Reflector."  You can download this program for free, open any of your .NET .exe's and see it easily disassemble them and show you your original source code.  You'll need to put measures in to guard against that.

The link to the disassembler is here:
http://www.aisto.com/roeder/dotnet/

For info to guard against that check out the following links:
http://blogs.msdn.com/ericgu/archive/2004/02/24/79236.aspx
http://en.wikipedia.org/wiki/Obfuscated_code
0
 
pengbsamAuthor Commented:
Except the Tobase64string() is there any other good encryption scheme?
0
 
JimBrandleyCommented:
Base64 is an encoding scheme, not encryption. I recommend System.Security.Cryptography.RijndaelManaged. It is secure and easy to use.

Jim
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now