A
AlexW
I'm very surprised MS would allow app and user config files to be
easily read via text editors to view passwords, server names etc
without including encryption support.
I've searched the groups with no real good solution or at least one
that a few peers seem to value.
Trusted connection is out of the question due to the nature of the
application so a sql server user account is needed. Anyway, I need
feedback on this methodology.
If I elect to encrypt the default values and future values for the
user config entries and have the app at runtime encrypt and decrypt
values and my encryption key is hardcoded. Would this at least be
somewhat secure since the key is compiled into the exe, I understand
that some savvy nerd could reverse engineer the exe, but obviously I'm
not writing something for the defense department. It's just way too
easy for a user to locate the config files and snoop up the server and
catalogs names, not to mention the passwords etc..
Thanks for any help. Happy New Year.
Alex.
easily read via text editors to view passwords, server names etc
without including encryption support.
I've searched the groups with no real good solution or at least one
that a few peers seem to value.
Trusted connection is out of the question due to the nature of the
application so a sql server user account is needed. Anyway, I need
feedback on this methodology.
If I elect to encrypt the default values and future values for the
user config entries and have the app at runtime encrypt and decrypt
values and my encryption key is hardcoded. Would this at least be
somewhat secure since the key is compiled into the exe, I understand
that some savvy nerd could reverse engineer the exe, but obviously I'm
not writing something for the defense department. It's just way too
easy for a user to locate the config files and snoop up the server and
catalogs names, not to mention the passwords etc..
Thanks for any help. Happy New Year.
Alex.