Solved

How to store secure login information while still able to modify

Posted on 2007-11-27
5
196 Views
Last Modified: 2010-04-15
Hello Expert:
   Here is a question that I got hammer today. I have an application that go into a ERP system do a lot of transactions...etc But the problem is I have to have the login information to access the ERP, But I don't what to hardcoded in the application since those information might change in the future and might change freqeuently. But I don't want just have it on a text file or some readable files that someone can just look at it.
   What are my options? system registry? file password protections? text file encryption?
   Appreciate any suggestions!
0
Comment
Question by:pengbsam
5 Comments
 
LVL 22

Assisted Solution

by:JimBrandley
JimBrandley earned 300 total points
Comment Utility
The registry is not a safe place, unless you encrypt it. We encrypt the connection information and keep it in a config file. It works great for us.

Jim
0
 
LVL 13

Assisted Solution

by:SameerJagdale
SameerJagdale earned 100 total points
Comment Utility
try this:

To encode:
Convert.ToBase64String()

To decode:
Convert.FromBase64String()
0
 
LVL 7

Assisted Solution

by:prosh0t
prosh0t earned 100 total points
Comment Utility
Yep encryption is your best bet.  I don't know how secure this situation needs to be for you, but in the case that you cannot have ANYBODY every getting ahold of this password and if you're creating the encryption algorithm yourself, there is something else to keep in mind that a lot of people don't know about.  An unsecured .NET .exe can easily be disassembled and converted back to the original source code (C#, or VB.NET) and so your encryption algorithm would be read easily by anybody, and then those pw's in the registry could easily be decrypted.  Check out "Lutz Roeders' Reflector."  You can download this program for free, open any of your .NET .exe's and see it easily disassemble them and show you your original source code.  You'll need to put measures in to guard against that.

The link to the disassembler is here:
http://www.aisto.com/roeder/dotnet/

For info to guard against that check out the following links:
http://blogs.msdn.com/ericgu/archive/2004/02/24/79236.aspx
http://en.wikipedia.org/wiki/Obfuscated_code
0
 

Author Comment

by:pengbsam
Comment Utility
Except the Tobase64string() is there any other good encryption scheme?
0
 
LVL 22

Accepted Solution

by:
JimBrandley earned 300 total points
Comment Utility
Base64 is an encoding scheme, not encryption. I recommend System.Security.Cryptography.RijndaelManaged. It is secure and easy to use.

Jim
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now