
Message/Password Encryption

Andreas Zita - 19 Feb 2005 12:20 GMT
Hi!

I have a web service (C# .NET 1.1) which is validating some credentials
before processing a certain request.

Initially I was only encrypting the actual password string such as:

<password>encryptedpassword</password>

But when thinking about it I realized that this approach really
doesn't help much since if a hacker sniffs this message he essentially has
the "magic word" needed to access my web service. He really doesn't need the
unencrypted password. Is this a correct conclusion? Anyway, this led me to
encrypting the entire message instead ... (can't use SSL since the server
won't always be accessible for this kind of setup)

The real question: Where should I store the encryption key (TripleDES)? At
the moment I store the key right in the code on both the client and the
server application. I have a feeling this is very bad. But where is the
right place to store enc. keys?

/Andreas Zita
Softwaremaker - 19 Feb 2005 13:06 GMT
Have you taken a look at WS-Security? WSE implements it.
http://msdn.microsoft.com/webservices/building/wse/

Thank you.

Regards,
William T (Softwaremaker)
http://www.softwaremaker.net/blog

Independent Microsoft Regional Director | Microsoft MVP - Solutions
Architect
======================================================

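
Added example, not part of the original thread and not WSE's own code: the replay problem raised in the question, and how the WS-Security UsernameToken password digest (Base64 of SHA-1 over nonce + created + password) lets a server reject a captured message that is sent again. The class and method names, the five-minute window and the sample password are assumptions, and the code targets a current .NET runtime rather than .NET 1.1.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added illustration; class and method names are hypothetical, not WSE's API.
static class ReplayDemo
{
    static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(5);          // assumed freshness window
    static readonly HashSet<string> SeenNonces = new HashSet<string>(); // in real use, expire entries older than MaxAge

    // UsernameToken Profile: Password_Digest = Base64(SHA-1(nonce + created + password))
    static string Digest(byte[] nonce, string created, string password)
    {
        byte[] c = Encoding.UTF8.GetBytes(created), p = Encoding.UTF8.GetBytes(password);
        byte[] buf = new byte[nonce.Length + c.Length + p.Length];
        Buffer.BlockCopy(nonce, 0, buf, 0, nonce.Length);
        Buffer.BlockCopy(c, 0, buf, nonce.Length, c.Length);
        Buffer.BlockCopy(p, 0, buf, nonce.Length + c.Length, p.Length);
        using (SHA1 sha = SHA1.Create()) return Convert.ToBase64String(sha.ComputeHash(buf));
    }

    // Server side: check freshness, then the digest, then record the nonce so it cannot be reused.
    static bool Verify(string nonceB64, string created, string digest, string storedPassword, DateTime nowUtc)
    {
        DateTime t = DateTime.Parse(created, CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind);
        if ((nowUtc - t).Duration() > MaxAge) return false;             // stale or far-future timestamp
        byte[] expected = Encoding.ASCII.GetBytes(Digest(Convert.FromBase64String(nonceB64), created, storedPassword));
        byte[] got = Encoding.ASCII.GetBytes(digest);
        if (!CryptographicOperations.FixedTimeEquals(expected, got)) return false;
        return SeenNonces.Add(nonceB64);                                // Add returns false for a nonce seen before
    }

    static void Main()
    {
        const string password = "constructed-sample-password";          // constructed test value
        byte[] nonce = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string nonceB64 = Convert.ToBase64String(nonce);
        string created = DateTime.UtcNow.ToString("o");
        string digest = Digest(nonce, created, password);

        Console.WriteLine(Verify(nonceB64, created, digest, password, DateTime.UtcNow)); // original request
        Console.WriteLine(Verify(nonceB64, created, digest, password, DateTime.UtcNow)); // captured copy sent again
        string old = DateTime.UtcNow.AddMinutes(-10).ToString("o");
        Console.WriteLine(Verify(nonceB64, old, Digest(nonce, old, password), password, DateTime.UtcNow)); // timestamp outside window
    }
}
```

The digest only proves knowledge of the password and blocks resends; it does not hide the message body, and the server has to hold the password (or an equivalent secret) in a form it can hash. Without transport or message encryption, a captured nonce, timestamp and digest still allow offline guessing of weak passwords.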
