|
Hi Everyone:
I want a good way of putting in passwords into config files. I wanted to use a public encryption scheme. The way that I figured I would use was this. Generate a public private pair in advance and place this into the code in advance. Then place the public key into the config file. Then provide a seperate tool for the user to take that public key and encrypt the password. The only thing that I was concerned about was the storing of the private key so openly in the code.
What should I do to get around this?
Cheers,
Jim
Did I post well? Rate it! Did I post badly? Rate that too!
|
|
|
|
|
I'm personally against putting the private key in the code. I suppose you could obfuscate the code, possibly making it harder to read the key, but otherwise, anyone with ILDASM or Reflector could have it in minutes.
In my opinion, you're better off (unless you want to pursue some chip-based or biometric solution) just putting the key in a file in a secure (as in file permissions) location that you control. You could also use the registry, I suppose - that can be both secured and audited.
Hope this helps.
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not 'Eureka!' ('I found it!') but 'That's funny...’
|
|
|
|
|
Thanks for the suggestion, but I am afraid that the solution really does require it to be there. I just wish that there was a way to get it into code ahead of time. Unfortunately, I cannot take the permissions approach because this is actually meant to be a more general solutions approach, and as for the registry, we really dont want to use it. I know that there is a built in feature for storing the key, and that obfuscates the key for you. But I dont know how I could actually beging with that object in existence I am afraid.
Otherwise, does the structure of the solution seem ok?
Thanks a lot,
Jim
Did I post well? Rate it! Did I post badly? Rate that too!
|
|
|
|
|
I don't understand why a solution would require the private key to be embedded in the source code. Can you elaborate on that a little? I also don't understand what you meant by "...get it into the code ahead of time." or the idea that this is supposed to be a "more general approach". What does that mean? I can't imagine it's going to be very general in nature if you're planning on cooking the private key right into the assembly. You cant's get a lot more concrete than that. Are you planning to automatically create these assemblies and compile them on the fly or something?
That said, I can't answer your question about the structure of the solution. It's kind of like standing in an empty meadow and asking someone what they think of your new office building.
More info would be helpful.
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not 'Eureka!' ('I found it!') but 'That's funny...’
|
|
|
|
|
Hrmm, perhaps I didn't quite make my solution 100% clear. Basically, I NEED to have some sensitive data placed in the configuration file. My solution, was to pregenerate a public key, and have the private key placed right into the code. (Optimally one would like to generate that at run time, but that is not possible because the user is only going to configure this file once.)
Using the public key (which I would likely leave right in the configuration file) the user can encrypt theiry sensitive data, and then place that data in the config file. As the code would have the private key already, it would already be able decrypt the information in the config file.
I hope that is a little clearer,
Jim
Did I post well? Rate it! Did I post badly? Rate that too!
|
|
|
|
|
Apparently I missed something too. Are you suggesting that you are going to change the app.config file at runtime? If so, I would recommend against it, regardless of your plans for encryption. It's not a recommended place to keep dynamic config data.
As far as storing passwords in text files, with a private key embedded in source code, I don't think it's a great idea. Certainly it can be made to work.
Does your application use a database of any kind? Generally I just use a one-way salted hash to obscure passwords when there's a database.
Don't know if this helps or not, but I think I have a better understanding of what you're trying to do now.
Good luck.
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not 'Eureka!' ('I found it!') but 'That's funny...’
|
|
|
|
|
If you are putting the public key itself in the config file and you are also keeping the private key in the code somewhere, then where is the security of the data? In such a scenario, almost everybody having access to the cofig file will have access to the public key and can encrypt the sensitive data in your scheme of the things and store the same in the cofig file. Moreover, everybody can then simply use your program which will automatically decrypt the sensitive data by using the private key stored somewhere in the code. This is so because apparently you are not using any specific extra password etc from a particular user which can distinguish one user from another and which can bind it to a particular user.
Better course is to have (or create at run time at the time of first use by a user) a password which is encrypted with a one-way hash (with an appropriate salt for better security). Store that hash value (may be in a config file). Subsequently, when the user inputs that password at the time of a subsequent use of the program, it should again get the hash value of the password entered by the user and compare the same with the hash value stored at the time of the first use.
As for the encryption of the other data, the same can be done by using a symmeteric encryption by the aforesaid password the safety of which has been ensured by hashing it.
Hope it suits your requirements.
|
|
|
|
|
I'have created a program that copies files from one location to another.
Does anyone know if there is a way for me to limit the transfer speed to 1000kbyte/sec?
Currently using System.IO.File.Copy to copy files
Why?
Trying to avoid using all available network capacity.
Alternative solution.
The only solution I've found so far is to time each transfer, and add a little pause between the files.
Andreas
|
|
|
|
|
You can't do it using standard methods. You can't tell the .Copy() method to pace itself and you can alter the network configuration to slow down on just that process.
You can, however, write your own File Copy process that paces itself. Read a block of the source file, write it to the destination, then Sleep for a little bit, read another block, write it, sleep a bit, ...
You could also look into using the Background Intelligent Transfer Service, BITS[^] for short.
RageInTheMachine9532
"...a pungent, ghastly, stinky piece of cheese!" -- The Roaming Gnome
|
|
|
|
|
How can I get constuctor params when using inherited ProxyAttribute class?
public class MyProxyAttribute : ProxyAttribute
{
public MyProxyAttribute()
{
}
public override MarshalByRefObject CreateInstance(Type type)
{
return Activator.CreateInstance(MyProxy(type,args))
}
}
I have no idea how can I get the args array.
|
|
|
|
|
|
I'm using odbc to call stored procedures in a way similar to the small amount of sample code below:
OdbcCommand command = conn.CreateCommand();
command.CommandType = CommandType.StoredProcedure;
command.CommandText = "call proc(?, ?, ?, ?, ?, ?, ?, ?, ?)";
OdbcParameter param = new OdbcParameter("paraName", OdbcType.VarChar, 4);
param.Direction = ParameterDirection.Input;
command.Parameters.Add(param);
command.ExecuteNonQuery();
...and then accessing them like this:
command.Parameters["paraName"].Value;
This has been working great; except now I have encountered a situation where the stored procedure is attempting to return an entire table (instead of a single record) as one of its output parameters. How do I handle this? Is there a special Odbctype that I should be using? And then, how I access each record within the table once it has been retrieved?
Thanks!
|
|
|
|
|
Have you tried OdbcDataReader, DataSet or DataTable?
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not 'Eureka!' ('I found it!') but 'That's funny...’
|
|
|
|
|
Instead of an OdbcType? I actually have tried to store the value of the output parameter directly into a dataset and a datatable and it didn't work.
"Cannot convert System.Data.DataTable to System.Data.Odbc.OdbcType"
|
|
|
|
|
It doesn't work that way. If your server side SQL generates a result set (row[s] of data), instead of filling a series of output parameters, you need to provide a way to deal with the results.
A DataReader is a forward only, connected mechanism for dealing with a server side cursor. It can deal with single or multiple result sets, and you read a row at a time.
DataTables and DataSets are disconnected representations of resultsets - a DataSet is sort of an in-memory database which may represent one or many result sets in DataTables, and a DataTable (which exists in a DataSet) is an in-memory representation of a single result set.
If you're going to use a DataReader (the fastest of the bunch if forward only will do it for you), you should be able to use the ExecuteReader method to get the reader and begin dealing with the result set(s).
If you need to be able to randomly access rows from the result set(s), you may need to use a DataAdapter with your command to fill a DataSet or DataTable. This process is slower than using a DataReader (in fact it uses a DataReader behind the scenes to fill the data structures).
You can't, however, execute some SQL on the server that returns a result set, then stick the result set in an OUT parameter and assign it using ExecuteNonQuery or ExecuteScalar. There is no compatible managed type for doing something like that.
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not 'Eureka!' ('I found it!') but 'That's funny...’
|
|
|
|
|
The PictureBox control has a nice property SizeMode that allows you to stretch or shrink the image it displays. I need to shrink an number of images to be used within a TreeView, but I since I am not using a PictureBox, it seems I need to shrink the image first.
Can anyone suggest how I can do this in C#?
Thanks!
Mark
|
|
|
|
|
You'll need to create a new Bitmap that is the desired size and then draw the original image onto the new bitmap:
Bitmap smallImage = new Bitmap(desiredX, desiredY);<br />
<br />
using (Graphics g = Graphics.FromImage(smallImage))<br />
{<br />
g.DrawImage(originalImage, new Rectangle(0, 0, desiredX, desiredY), 0, 0, originalImage.Width, originalImage.Height, GraphicsUnit.Pixel);<br />
}
"I think I speak on behalf of everyone here when I say huh?" - Buffy
|
|
|
|
|
Hi All,
I have a requirement wherein a user wil enter the data into a asp.net webpage hosted by machine A.
Machine A needs to start a C# application(as a service) when data is received and read that data using the same C#.net application, which is processed later on.
My question is, how to read the data from ASP.NET into C# application. and how to automatically start the C# application(as a service) when data is entered into asp.net webpage.
Regards,
Prax.
|
|
|
|
|
I doubt that this is the best solution to your problem but it is one way that you might go about it.
First, I'll go over the service. I don't know why you would be starting this service frequently. If it starts and stops a lot then it perhaps should not be a service but just a regular application. Do you have a good reason for that? If in really needs to be a service I would just have some code that checks if it is running. If not, there is a program called installutil (it is a part of the .NET framework so it should be there on the machine already. Also, to start processes lookup System.Diagnostics ). You can use that program to install it. Then, you can put this code in your installer
<br />
private void serviceInstaller1_AfterInstall(object sender, System.Configuration.Install.InstallEventArgs e)<br />
{<br />
ServiceController sc = new ServiceController("The name of the service");<br />
if ( (sc.Status.Equals(ServiceControllerStatus.Stopped) ) )<br />
sc.Start();<br />
}<br />
That way, when you install the service it will start running.
Now, as to how no get the information to the service, that IS a bit tricky... What are you trying to get there? If you do end up using an application then you could consider passing it as a paramater? If you use a service... well, you could consider possibly using the MSMQ. Just serialise all your data and send it that way.
I hope this helps,
Please ask me if I can explain any of the stuff better!
Jim
Did I post well? Rate it! Did I post badly? Rate that too!
|
|
|
|
|
Hi Jim..
Thanks for the response. Let me put my question in the right way. A user enters some request in to a browser. The request/data has to be transferred from the asp.net application on the server to another application on the same web server. How could I do this? How can my asp.net application communicate with another C# application. (I guess thru sockets.) How cud I open and transfer data thru sockets from asp.net application??
u'r help is greatly appreciated.
Prax.
|
|
|
|
|
Hi,
In VS 2005, when you click the triangle of the 'Text' property of a TextBox, a multiline input box appears.
Does anybody know how to do this with a custom object which has a text property?
tia.
|
|
|
|
|
What is that custom object
|
|
|
|
|
Just a plain user defined object, with properties like 'Id', 'Name', 'Text', etc.
|
|
|
|
|
Hello,
I've serious problems with dataview/databindings.
Assume the following:
I've got 2 dialogs.
- The first one has a datagrid and five textboxes attached to a dataview.
- The second one is created by the first with a DataRowView-Object, and has five textboxes and
a scrollbar attached to this row.
i)
updating a textbox in my first dialog shows changes only if i activate the datagrid, and vice versa.
ii)
updating a textbox in the second dialog shows changes in first dialog only if i activate the controls, too.
iii)
if i use my scrollbars in the second dialog to change the bound values, i immediately see changes in my first dialog, but nothing happens in the second one.
iv)
if i change the textboxes in my second dialog, and then use the scrollbars, i see no changes after all...
could someone please check out the project, and write one/two sentences to my points? i'm getting mad on this.
thanks
michael
testproject
|
|
|
|
|
Can any one help to me in using RandomNumberGenerator class member functions. Early response is appreciated.
|
|
|
|
|