  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 388

user and password are in configuration file

Hi experts, we currently have web service clients that consume other web services. The problem is that the user and password are in a configuration file, so any network administrator can read them.

What mechanism should we implement to avoid this? I read about
HASHING using SALTS
or
Active Directory integrated authentication, PAM or LDAP.

The original question:
http://www.experts-exchange.com/Security/Encryption/Q_27842712.html
Asked by: enrique_aeo
1 Solution

b_levitt commented:
You could encrypt that portion of your config if this is running under IIS:
http://msdn.microsoft.com/en-us/library/dtkwfdky%28v=vs.100%29.aspx

Never mind.  I thought you had one web service calling another web service, not clients.

Here's a previous post where I gave some functions for encrypting and decrypting values.
http://www.experts-exchange.com/Programming/Languages/Java/New_to_Java/Q_25774178.html

But ultimately you still have a problem - where do you store the encryption keys? You can compile them into the code or make a request to get them, but all of that is something a savvy user could get to. I'm thinking the only real way to protect your third party services is to proxy your client's calls.
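
The proxy approach suggested in the answer above, as an added example that is not part of the original thread or any poster's code: the third-party credential lives only in the proxy's environment, and anything a client sends that could replace it is dropped before forwarding. The upstream URL, environment variable names, path allowlist and the use of HTTP Basic authentication are assumptions made for illustration.

```python
import base64
import os
from urllib.request import Request

# Assumed names, not from the original thread: upstream URL, env vars, allowed paths.
UPSTREAM_BASE = "https://thirdparty.example.invalid/api"
ALLOWED_PATHS = {"/quotes", "/orders"}
# Headers a client must never be able to set or forward to the third party.
STRIPPED = {"authorization", "proxy-authorization", "cookie", "host", "connection"}


class Rejected(Exception):
    """Raised when the proxy refuses to forward a client call."""


def load_service_credential(env=os.environ):
    """Read the third-party credential from the proxy's own environment.

    Only the proxy host holds it; client machines have nothing to read.
    """
    try:
        return env["UPSTREAM_USER"], env["UPSTREAM_PASSWORD"]
    except KeyError as missing:
        raise Rejected(f"proxy is not configured: {missing}") from None


def build_upstream_request(method, path, client_headers, body=None, env=os.environ):
    """Turn a client call into the request the proxy sends upstream."""
    if path not in ALLOWED_PATHS:
        raise Rejected(f"path not allowed: {path}")
    if method not in ("GET", "POST"):
        raise Rejected(f"method not allowed: {method}")
    user, password = load_service_credential(env)
    # Drop anything the client sent that could replace or leak credentials.
    headers = {k: v for k, v in client_headers.items() if k.lower() not in STRIPPED}
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers["Authorization"] = f"Basic {token}"
    return Request(UPSTREAM_BASE + path, data=body, headers=headers, method=method)
```

The proxy still has to authenticate its own callers before forwarding, for example with the Active Directory integrated authentication mentioned in the question; that step is outside this block.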