THis isn't a lame attempt to be funny, but what is this 'shared secret'
exactly? A license key?
Because as mentioned before, a secret that's shared isn't really a secret.
Could you explain some more details about what this secret is all about?
FB
> I can't use a network sub-folder but running a service as a specific user
> would at least let me use DPAPI to securely store data.
>
> Even if I have to have the service pass that data to my app it would still
> be better than hard coding it in the assembly.
>
> I'm not up on inter-application communication options in Windows. Does
> anyone know off-hand if there is a messaging mechanism that would tell me
> the path (to the exe) of the caller? If so then I could verify the hash of
> the calling application against a know value.
>
> At that point the only hole would be the admin's ability to change the
> service account's password and run some other app to access the data via
> DPAPI. Still a risk, but definitely an improvement.
>
> Thanks,
> -Mont
>
> ===================================
> This list is hosted by DevelopMentorR http://www.develop.com
>
> View archives and manage your subscription(s) at http://discuss.develop.com
===================================
This list is hosted by DevelopMentorĀ® http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
