security_vb thread: application security


Message #1 by "Munawar Esmail" <me38009@n...> on Tue, 16 Oct 2001 20:10:30
Hey Eric,
Thanks for your help.  However, I have always been curious about how to 
reverse a .dll.  Can you please advise.  Thanks in advance.



> Two thoughts on your problem.
> 
> 1.  Never put passwords in an unencrypted text file.  You are asking for
> problems.
> 2.  A user can reverse compile a .dll and get passwords.  This is
> potentially insecure.
> 
> Given the above, either solution can cause problems.  A third solution is to
> store the data in an encrypted text file (using strong encryption of course)
> and decrypt the text from inside the application to get the information.  Of
> course a user could reverse engineer the application, determine the
> algorithm used and the password and decrypt the text file.  The
> solution just depends on how secure you need to be.
> 
> You could always just force the user to type the user name and password for
> their accounts.  Of course, users write that information down and someone
> could find it .....
> 
> Anyway, I hope this helps.
> 
> Eric Budd
> 
> ----- Original Message -----
> From: "Munawar Esmail" <me38009@n...>
> To: "Security_VB" <security_vb@p...>
> Sent: Tuesday, October 16, 2001 08:10 PM
> Subject: [security_vb] application security
> 
> 
> > Hello All,
> > I am in the process of designing a VB application system.  The application
> > accesses the Oracle database to do some operation.  Since this is a global
> > application, it will have more than 1 physical location with each location
> > having username/password for each database.  In addition, there will be
> > three databases (Development, Testing and Production) for each location.  I
> > need an idea on how to design this securely.  In the past, I have done two
> > things:
> > 1) Put the username and password for the database connection in a text
> > file and a VB code would read it depending on the location and environment
> > desired.  This text file would be placed in some location on the NT
> > server.  The advantage to this was that the username/password would be
> > easy to change for the admin.  The disadvantage would be it is easier to
> > find out where the file is located from the VB code.
> >
> > 2) Put the username and password in a dll.  This was cool as no one can
> > read this.  Issues propped up when the admin wants to change username and
> > password often as this dll was dependent on many other dlls and exes and
> > would lead to re-compiling everything too many times.  This would be a
> > headache.
> >
> > I need some ideas on doing this differently and effectively.  Please
> > help.  Thanks in advance.
> 
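
The thread's point that credentials compiled into a .dll are not hidden can be checked on your own build output before release. The following is an added example, not part of the original thread: a Python check that scans a binary for printable ASCII and UTF-16LE strings (Windows binaries commonly store string literals in either form) and reports connection-string credentials. The keyword list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Keywords that mark credentials in ADO/ODBC-style connection strings (assumed list).
CRED_RE = re.compile(r"(?i)\b(password|pwd|user id|uid)\s*=\s*([^;\s]+)")
MIN_LEN = 6  # shortest printable run worth inspecting

def extract_strings(blob: bytes, min_len: int = MIN_LEN):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_re.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def find_embedded_credentials(blob: bytes):
    """Return findings as dicts with offset, encoding, key and value."""
    findings = []
    for offset, enc, text in extract_strings(blob):
        for key, value in CRED_RE.findall(text):
            findings.append({"offset": offset, "encoding": enc,
                             "key": key.lower(), "value": value})
    return findings

# Constructed sample standing in for a compiled DLL: non-printable filler
# around one UTF-16LE connection string and one ASCII fragment.
CONN = "Provider=MSDAORA;Data Source=PROD;User ID=app_user;Password=EXAMPLE-ONLY"
SAMPLE_DLL = (b"MZ\x90\x00" + bytes(range(0, 32)) +
              CONN.encode("utf-16le") + b"\x00\x00" + bytes(range(128, 160)) +
              b"PWD=legacy-EXAMPLE;" + b"\x00\xff\xfe")

if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE_DLL):
        print(f"offset {f['offset']:#06x} [{f['encoding']}] {f['key']} = {f['value']}")
```

Any finding means the value is readable by anyone who holds the file, so the credential belongs outside the binary.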
