Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / September 2006

Tip: Looking for answers? Try searching our database.

.net 2.0 Interprocess CAS / Data Security

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
John Comber - 14 Sep 2006 17:00 GMT
Hi,

I'm developing an app that will access secret info from a SQL Server db.  
The server component that accesses the db will be hosted on the same machine
as the db.  Client components will connect to the server component to
retrieve the secret.

Two questions:
1. Using CAS, is it possible to use LinkDemandChoice /
StrongNameIdentityPermission on interprocess / cross-machine calls? i.e. Is
it possible to only allow Strong Named clients to call the server component
even though they may be running on different machines?

2. Is it possible to use SecureString to transfer the data from the server
component to the client component, or is SecureString machine specific?

Any advice gratefully received.

Regards
John.
Reply to this Message
Joseph Bittman MVP MCSD - 24 Sep 2006 05:16 GMT
Sept. 23, 2006

Uhmmm... to your first question, my memory is hazy ... I think it is
possible to make sure the caller from another computer has a certain
permission, but I'm not sure whether this information is transmitted by
default through a web service or such.

Regarding your last question about SecureString... it is based on DPAPI
encryption, which is machine specific... each machine has a different key
combo to perform the encryption, which means you'd have to change the key on
each machine to be in-sync with each other... which would be a huge security
concern & risk.

Hope this helps!

Signature

                      Joseph Bittman
    Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM

Blog/Web Site: http://CactiDevelopers.ResDev.Net/

> Hi,
>
[quoted text clipped - 19 lines]
> Regards
> John.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.