?
Solved

How to store secure login information while still able to modify

Posted on 2007-11-27
5
Medium Priority
?
202 Views
Last Modified: 2010-04-15
Hello Expert:
   Here is a question that I got hammer today. I have an application that go into a ERP system do a lot of transactions...etc But the problem is I have to have the login information to access the ERP, But I don't what to hardcoded in the application since those information might change in the future and might change freqeuently. But I don't want just have it on a text file or some readable files that someone can just look at it.
   What are my options? system registry? file password protections? text file encryption?
   Appreciate any suggestions!
0
Comment
Question by:pengbsam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 22

Assisted Solution

by:JimBrandley
JimBrandley earned 1200 total points
ID: 20363370
The registry is not a safe place, unless you encrypt it. We encrypt the connection information and keep it in a config file. It works great for us.

Jim
0
 
LVL 13

Assisted Solution

by:SameerJagdale
SameerJagdale earned 400 total points
ID: 20363496
try this:

To encode:
Convert.ToBase64String()

To decode:
Convert.FromBase64String()
0
 
LVL 7

Assisted Solution

by:prosh0t
prosh0t earned 400 total points
ID: 20363622
Yep encryption is your best bet.  I don't know how secure this situation needs to be for you, but in the case that you cannot have ANYBODY every getting ahold of this password and if you're creating the encryption algorithm yourself, there is something else to keep in mind that a lot of people don't know about.  An unsecured .NET .exe can easily be disassembled and converted back to the original source code (C#, or VB.NET) and so your encryption algorithm would be read easily by anybody, and then those pw's in the registry could easily be decrypted.  Check out "Lutz Roeders' Reflector."  You can download this program for free, open any of your .NET .exe's and see it easily disassemble them and show you your original source code.  You'll need to put measures in to guard against that.

The link to the disassembler is here:
http://www.aisto.com/roeder/dotnet/

For info to guard against that check out the following links:
http://blogs.msdn.com/ericgu/archive/2004/02/24/79236.aspx
http://en.wikipedia.org/wiki/Obfuscated_code
0
 

Author Comment

by:pengbsam
ID: 20365305
Except the Tobase64string() is there any other good encryption scheme?
0
 
LVL 22

Accepted Solution

by:
JimBrandley earned 1200 total points
ID: 20365893
Base64 is an encoding scheme, not encryption. I recommend System.Security.Cryptography.RijndaelManaged. It is secure and easy to use.

Jim
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question