I need to securely store a customer / password combination on the client.NET application (Outlook Adin).
Encryption is required to be reversible, and I would be happy to avoid saving an encryption key in my code, as it is easy to get through disassembly.
In fact, I'm the one - like the API to send the encryption to Windows.
Any sign on this issue?
If you have access to .NET 4.0, then I recommend the ProtectedData class which is the window DPAPI , Is the recommended method of encrypting data on client machines in windows. Otherwise you can do DPAPI P / P directly to do this.
Please note that if you want to prevent the user from reading the password, it can not really stop them. DPAPI will not be able to stop them if they have access to their system. The best bet is to not store the password to everyone and ask them to login, or if you can connect with something that uses SSPI to integrate the integrated window, then you have the best solution is.
But it is difficult to know what you are trying to achieve, without what you need.
Comments
Post a Comment