Daniel,

Not sure I could use that as the work could be distributed over a range of 
computers, and they will all need to be able to decrypt the password and 
impersonate that user. Might be possible if they were all running as the same 
user, but I know that this cannot happen because the web server is not part of 
the domain, so it could not log in using a domain account.

Dino

-----Original Message-----
From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf 
Of Daniel Barla-Szabo
Sent: Tuesday, 9 October 2007 19:29
To: [email protected]
Subject: Re: [ADVANCED-DOTNET] Storing passwords securely - or can I do 
something else?

I don't really know of a secure store that would suit your needs.  The closest 
thing I can think of is the ProtectedData class (under System.Security), which 
has the benefit of not requiring you to store the cryptographic keys yourself 
(instead, the OS / logged in user's cryptographic keys are used, if I 
understand correctly).  I'm not sure how this ranks in terms of security in the 
eyes of the experts, but I'm pretty sure it's better than trying to "roll your 
own" encryption, or even using one of the existing algorithms and then having 
the master keys lying around in a config file or hard-coded.

-- Daniel
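
Added example, not part of the original thread: one way to use the ProtectedData class mentioned above (namespace System.Security.Cryptography, backed by Windows DPAPI) to protect a job password before it goes into a database column. The class JobCredentialStore, its method names and the sample values are hypothetical; the blob only decrypts for the same Windows user (CurrentUser scope) or on the same machine (LocalMachine scope), which is the limitation raised in the reply at the top of this thread.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, added for illustration (Windows only, uses DPAPI).
public static class JobCredentialStore
{
    // Optional entropy must be supplied again on Unprotect. It is not a key:
    // it only keeps other code in the same scope from unprotecting the blob
    // without knowing this value. Constructed sample value.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("example-job-scheduler-entropy");

    // Returns a base64 blob suitable for storage; no key is stored by us.
    public static string Protect(string password, DataProtectionScope scope)
    {
        byte[] plain = Encoding.UTF8.GetBytes(password);
        try
        {
            return Convert.ToBase64String(ProtectedData.Protect(plain, Entropy, scope));
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length); // limit plaintext lifetime
        }
    }

    // Returns false when the blob cannot be decrypted in this context, e.g.
    // protected under a different user account (CurrentUser), on a different
    // machine (LocalMachine), with different entropy, or tampered with.
    // 'stored' must be valid base64.
    public static bool TryUnprotect(string stored, DataProtectionScope scope, out string password)
    {
        password = null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(Convert.FromBase64String(stored), Entropy, scope);
            password = Encoding.UTF8.GetString(plain);
            Array.Clear(plain, 0, plain.Length);
            return true;
        }
        catch (CryptographicException) { return false; }
    }

    public static void Main()
    {
        string blob = Protect("constructed-sample-password", DataProtectionScope.CurrentUser);
        string recovered;
        Console.WriteLine(TryUnprotect(blob, DataProtectionScope.CurrentUser, out recovered));
    }
}
```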

-----Original Message-----
From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf 
Of Dean Cleaver
Sent: 09 October 2007 06:49 AM
To: [email protected]
Subject: [ADVANCED-DOTNET] Storing passwords securely - or can I do something 
else?

As part of an automation system I've written, I'd like to be able to specify 
the account that certain jobs are executed under - but to do so, I presume I 
would need to store the username and password in the database - something I'm 
not overly keen on even if the passwords are encrypted. Given the flexible 
nature of the system, there's not a lot of other choices left to me.

Or is there some other token I can store that I can use?

Dino