Information Security Asked on November 8, 2021
We have to protect a database connection string for a .NET desktop application that has an application-level database user. One option is to encrypt a section of the app.config
using asp_regiis
. But then every user of the application needs to have the key installed on their PC.
If an intranet IIS server has SSL and Microsoft Windows Authentication
was in place, would an ASP.NET web-app that accepted an encrypted value and returned a plain text be a viable alternative to installing the keys on every user’s machine?
With the web app, no user would be able to export the key from their local container, and so the web app approach seems the more secure of the two.
Well, which is it? A user or an attacker? A user doesn't care about the key, an attacker does.
An attacker doesn't really even care about the key, but rather the password. Moreover, an attacker doesn't really even care about the password, but in fact the data in the database.
If an attacker could reasonably get the key out of the user profile (which is what you're suggesting is the attack) they could easily just observe the connection to the service or even the database itself.
The correct solution is to move the connection to the database out of the context of the user. Since that's probably not feasible, you should consider switching to a non-credential-based mechanism like Windows Integrated Auth. You seem happy to do it for the service, so why not the database?
Note however that this doesn't actually solve the problem, it just limits the ways an attacker can connect to the database.
Answered by Steve on November 8, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP