Is this web app or a windows app? One solution that I have come found simple when developing of the web server is the following:
Create a configuration component that is dedicated to reading a configuration file. Run the component in COM+ out of process. Create a user account that will be the user that the out of process COM+ application runs as. Log in as that user and encrypt the configuration file with windows file encryption. It is available through the advanced button of the file properties dialog.(Win2k and newer only) Log back out of course. Now you have an encrypted configuration file without any encryption code written. You will most likely want to set up some more security for access to the component such as role based security or Code access security such as restricting which components can create or access the secured method exposing the encrypted data. Well that might give you some ideas. -----Original Message----- From: dotnet discussion [mailto:[EMAIL PROTECTED]] On Behalf Of Farhan Sent: Saturday, May 11, 2002 6:38 PM To: [EMAIL PROTECTED] Subject: [DOTNET] Encrypt Key in the code It's sat night and i am getting brain dead. I am encrypting username and password using System.Security.Cryptography, but problem is that i have hard-coded Key in the code, which is not safe. How will i hide the Key from developers to see? You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
