RE: VB 2005 and Content Security Question
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Thu, 04 Jan 2007 10:52:47 GMT
Hello ILR,
For your scenario, must the sensitive data be stored in SQL Server database
or if it's some simple data that can also be stored in configuration
file(such as app.config). In .NET Framework 2.0, there does provide many
new data protection/secure features that can help us conveniently secure
our application data. If the data should be stored in SQL Server, since
SQL server access include network connection and data transfering, I
suggest you manually encrypt the data if the size is not very huge.
You can consider using the DPAPI component in .NET
2.0(System.Security.Cryptography.ProtectedData class). You can have a look
at the following MSDN reference about how to perform data protection in
NET:
#How to: Use Data Protection
http://msdn2.microsoft.com/en-us/library/ms229741(vs.80).aspx
here is another web article introduce other net security features in .NET
2.0
#New Security Features in .NET 2.0
http://www.theserverside.net/tt/articles/showarticle.tss?id=NewSecurityFeatu
res
In addition, if you have some sensitive configuration setting that need to
secure and want to store in configuration file, you can have a look at the
following article:
#How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn2.microsoft.com/en-us/library/ms998280.aspx
Though the above article is targeting ASP.NET web.config, the function also
apply for normal .net application(console or winform), see a former thread:
#Encryption of application configuration block
http://groups.google.com/group/microsoft.public.dotnet.general/browse_thread
/thread/1bbeeb01ae5ca5c6/70dd27a4598ab060?
Hope this helps you.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- Prev by Date: SendKeys
- Next by Date: hi thanks
- Previous by thread: SendKeys
- Next by thread: RE: VB 2005 and Content Security Question
- Index(es):
Relevant Pages
|
