Re: How to use ADO fast?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Even safer is to use windows authentication if possible.

--
Miha Markic [MVP C#]
RightHand .NET consulting & development www.rthand.com
Blog: http://cs.rthand.com/blogs/blog_with_righthand/

"W.G. Ryan - MVP" <WilliamRyan@xxxxxxxxxxxxxxxx> wrote in message
news:eNVMZtOAGHA.3864@xxxxxxxxxxxxxxxxxxxxxxx
>I prefer encryption to. In the old days it was different, but the first
>time I saw reflector show me my code clear as day, that changed all that
>for me
> "Miha Markic [MVP C#]" <miha at rthand com> wrote in message
> news:e3rKoOLAGHA.3804@xxxxxxxxxxxxxxxxxxxxxxx
>> It is still silly - hardcoding is never a good option even with one time
>> deployment.
>> There are other protection mechanisms like encryption.
>> And heck, if the system admin (or web admin) opens the access to the web
>> server than no hardcoding will help him/her.
>>
>> --
>> Miha Markic [MVP C#]
>> RightHand .NET consulting & development www.rthand.com
>> Blog: http://cs.rthand.com/blogs/blog_with_righthand/
>>
>> "Cor Ligthert [MVP]" <notmyfirstname@xxxxxxxxx> wrote in message
>> news:eZIHvPCAGHA.1568@xxxxxxxxxxxxxxxxxxxxxxx
>>> Bill,
>>>
>>> Even if it is downloaded because a misplaced security in the directory,
>>> than it is in my opinion harder to get the connectionstring from the DLL
>>> than from the config.sys
>>>
>>> I am not so sure that every administrator set all rights in the correct
>>> way (The main belongs to ASPNET, however the Bin should have other
>>> rights).
>>>
>>> Downloading config.sys from an open bin directory is a piece of cake. If
>>> it is in a dll, than your first chalenge is to know the name of it. Than
>>> you have to know about ILS and than you can find (for not Net specials
>>> with a lot of work) the configstring somewhere between that ILS code.
>>>
>>> Therefore I have the idea that a connectionstring in a DLL on a
>>> webserver is at least not less save than in a config.file.
>>>
>>> If the situation is that you have to deploy almost exactly the same
>>> website a lot of times than the config is of course a better approach,
>>> however not for security reason but for deployment reason. However see
>>> what I wrote about this before in this message thread.
>>>
>>> Cor
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: How to use ADO fast?
    ... > There are other protection mechanisms like encryption. ... >> than it is in my opinion harder to get the connectionstring from the DLL ... >> with a lot of work) the configstring somewhere between that ILS code. ... >> however not for security reason but for deployment reason. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Managed EXE DLL Injection
    ... encryption is one of the most inefficient forms of code obfuscation? ... Wang are two most active obfuscation researchers, ... > way that the encrypted DLL will stay independent. ... > loader do the same verification done by 'peverifier.exe' I have tried the ...
    (microsoft.public.dotnet.framework.clr)
  • Re: Could a hacker achieve this?
    ... Stealing the DLL is one task and probably the hardest. ... Now if we assume that the hacker has gained entry to your machine and can ... it was encrypted on, with DPAPI ... So you could either use DPAPI for all your encryption needs or just to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Could a hacker achieve this?
    ... > assume a standard .Net app with the DLL in the bin folder, ... > Now if we assume that the hacker has gained entry to your machine and can ... > it was encrypted on, with DPAPI ... > store/encrypt the encryption key that you will be using. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Problems passing structures from VB.Net to C DLL
    ... The functions in the DLL typically require that structures be passed to ... Encryption Encrypt; ... } AddressHost; ... code in one project and with the C++ DLL source code in another project. ...
    (microsoft.public.dotnet.framework.interop)