?
Solved

How to store secure login information while still able to modify

Posted on 2007-11-27
5
Medium Priority
?
205 Views
Last Modified: 2010-04-15
Hello Expert:
   Here is a question that I got hammer today. I have an application that go into a ERP system do a lot of transactions...etc But the problem is I have to have the login information to access the ERP, But I don't what to hardcoded in the application since those information might change in the future and might change freqeuently. But I don't want just have it on a text file or some readable files that someone can just look at it.
   What are my options? system registry? file password protections? text file encryption?
   Appreciate any suggestions!
0
Comment
Question by:pengbsam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 22

Assisted Solution

by:JimBrandley
JimBrandley earned 1200 total points
ID: 20363370
The registry is not a safe place, unless you encrypt it. We encrypt the connection information and keep it in a config file. It works great for us.

Jim
0
 
LVL 13

Assisted Solution

by:SameerJagdale
SameerJagdale earned 400 total points
ID: 20363496
try this:

To encode:
Convert.ToBase64String()

To decode:
Convert.FromBase64String()
0
 
LVL 7

Assisted Solution

by:prosh0t
prosh0t earned 400 total points
ID: 20363622
Yep encryption is your best bet.  I don't know how secure this situation needs to be for you, but in the case that you cannot have ANYBODY every getting ahold of this password and if you're creating the encryption algorithm yourself, there is something else to keep in mind that a lot of people don't know about.  An unsecured .NET .exe can easily be disassembled and converted back to the original source code (C#, or VB.NET) and so your encryption algorithm would be read easily by anybody, and then those pw's in the registry could easily be decrypted.  Check out "Lutz Roeders' Reflector."  You can download this program for free, open any of your .NET .exe's and see it easily disassemble them and show you your original source code.  You'll need to put measures in to guard against that.

The link to the disassembler is here:
http://www.aisto.com/roeder/dotnet/

For info to guard against that check out the following links:
http://blogs.msdn.com/ericgu/archive/2004/02/24/79236.aspx
http://en.wikipedia.org/wiki/Obfuscated_code
0
 

Author Comment

by:pengbsam
ID: 20365305
Except the Tobase64string() is there any other good encryption scheme?
0
 
LVL 22

Accepted Solution

by:
JimBrandley earned 1200 total points
ID: 20365893
Base64 is an encoding scheme, not encryption. I recommend System.Security.Cryptography.RijndaelManaged. It is secure and easy to use.

Jim
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question