.NET applications are struggling with how to manage information that needs to be used in applications but cannot be shown to users.
For example, DB connection information is required for applications, but I don't want to show it to users.
I think encryption is good, but now it's a question of where to save the key.
Is there a good way to do it?
The following is a review.
·Include keys in assembly
→ You can check it with reverse assembling.
·Write the key in App.config and encrypt it with aspnet_regis
→ If you use aspnet_regis, you can decrypt it.
·Store the key in the key container
→ The application can use the key container value, which means that users can view it, so ×
It's not possible.
For example, DB connection information is required for applications, but I don't want to show it to users.
You may use the DbConnection class or its derived class (for example, SQL Server, for example, the SqlConnection class), but you can read the decrypted connection information by attaching the debugger and placing the breakpoint.
No encryption, not limited to DB connection information, is powerless against this method.
There may be special measures such as refusing to attach a debugger, but in the end, it's only a weasel.
It's not a rule, but all you want to do is run the information and processing on a separate server and communicate only input and output data with the client.
© 2024 OneMinuteCode. All rights reserved.