Security Data Access Block and Config File!

Topics: Data Access Application Block
Mar 21, 2008 at 9:47 PM

Enterprise Library can open all config files. How could I put a restriction on opening config files
so that you can open a file only if you are authenticated or have the right to open it?

I have an .sdf database that I encrypted. I am calling the connection string using Enterprise Library;
the connection string is encrypted using EntLib RSA. Now all looks good. Imagine I deploy my project onto a machine
and this one is stolen. Then this person will be stuck, not being able to tell what is in the config or in the db, but
if this person installs EntLib and opens the .config file through EntLib, this person will be able to see the connection string
in a non-encrypted way.

I want a solution to this problem, and this is why I thought about a restriction on opening config files.
Please let me know if you have any suggestions, thanks.
Mar 25, 2008 at 1:14 AM
Hi,

The information necessary to decrypt configuration is not on the enterprise library configuration tool but on the host where the applications run. Even if the attacker gets the files, he won't be able to decrypt them unless he also gets and installs the keys.

Are you describing a hypothetical situation, or have you tested this scenario and found that you could decrypt the configuration file?

Fernando
Mar 27, 2008 at 7:37 PM

Hello

You are right, for a host solution it is good. I am working on an application that will be used on a local
machine without a connection to a server. I know in this case it is difficult to keep away from hackers,
but I found a way: I don't pass the password in the connection string and I use Hashing 512, so all
is ok for now. Still, I think that Enterprise Library could be improved for better disconnected
security.

Cheers



Mar 27, 2008 at 11:51 PM
Hi Mr Hachem,

I still cannot understand exactly what kind of improvement you're looking for.

Regardless of whether you connect to a server or not, encrypted configuration can only be decrypted if the user has access to the appropriate keys.

Fernando