Solved

How to store secure login information while still able to modify

Posted on 2007-11-27
5
201 Views
Last Modified: 2010-04-15
Hello Expert:
   Here is a question that I got hammer today. I have an application that go into a ERP system do a lot of transactions...etc But the problem is I have to have the login information to access the ERP, But I don't what to hardcoded in the application since those information might change in the future and might change freqeuently. But I don't want just have it on a text file or some readable files that someone can just look at it.
   What are my options? system registry? file password protections? text file encryption?
   Appreciate any suggestions!
0
Comment
Question by:pengbsam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 22

Assisted Solution

by:JimBrandley
JimBrandley earned 300 total points
ID: 20363370
The registry is not a safe place, unless you encrypt it. We encrypt the connection information and keep it in a config file. It works great for us.

Jim
0
 
LVL 13

Assisted Solution

by:SameerJagdale
SameerJagdale earned 100 total points
ID: 20363496
try this:

To encode:
Convert.ToBase64String()

To decode:
Convert.FromBase64String()
0
 
LVL 7

Assisted Solution

by:prosh0t
prosh0t earned 100 total points
ID: 20363622
Yep encryption is your best bet.  I don't know how secure this situation needs to be for you, but in the case that you cannot have ANYBODY every getting ahold of this password and if you're creating the encryption algorithm yourself, there is something else to keep in mind that a lot of people don't know about.  An unsecured .NET .exe can easily be disassembled and converted back to the original source code (C#, or VB.NET) and so your encryption algorithm would be read easily by anybody, and then those pw's in the registry could easily be decrypted.  Check out "Lutz Roeders' Reflector."  You can download this program for free, open any of your .NET .exe's and see it easily disassemble them and show you your original source code.  You'll need to put measures in to guard against that.

The link to the disassembler is here:
http://www.aisto.com/roeder/dotnet/

For info to guard against that check out the following links:
http://blogs.msdn.com/ericgu/archive/2004/02/24/79236.aspx
http://en.wikipedia.org/wiki/Obfuscated_code
0
 

Author Comment

by:pengbsam
ID: 20365305
Except the Tobase64string() is there any other good encryption scheme?
0
 
LVL 22

Accepted Solution

by:
JimBrandley earned 300 total points
ID: 20365893
Base64 is an encoding scheme, not encryption. I recommend System.Security.Cryptography.RijndaelManaged. It is secure and easy to use.

Jim
0

Featured Post

The Orion Papers

Are you interested in becoming an AWS Certified Solutions Architect?

Discover a new interactive way of training for the exam.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question