On Thu, 27 Mar 2008 17:24:31 -0700, Mont Rothstein <[EMAIL PROTECTED]> wrote:
> I consider in-the-assembly to be readily available. What you want is for your application to have access to a secret but not the users of your application, right? As in, the application can retrieve the password, but it can't be done by someone snooping around? This sounds counter-intuitive to how computer applications normally work. After all, when you run Microsoft Paint, all operations the application performs (including decrypting data using DPAPI) are essentially done "on your behalf", aren't they? It sounds like this needs a different approach, perhaps like the one that was suggest by Harley, Chay. A really awkward solution could perhaps be installing a service running as a user you create using a random not-remembered password, giving only that service account access to the secret, and then instructing the service to do things based on the secret, like send a signed message across a wire. Would that accomplish what you're after? =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
