On Wed, 25 Apr 2007 16:13:34 +0100, "SeeSharp Bint"
<SeeSharp@nospam.comwrote:
Quote:
>Visual Studio 2005, dotnet, c#. Microsoft SQL Server. Windows XP forms
>application.
>
>Temporarily, for my database application, I have been storing the various
>elements of database connection items like datasource,password,userid as
>plain strings in the registry.
>I'd now like to make these secure against people reading them.
How secure and against what people? ROT-13 or Base64 are far from
secure but can prevent casual browsing. System.Security.SecureString
might be of use to you as well. For more than that use AES (=
Rijndael) in CBC or CTR mode.
Quote:
>I thought of encrypting/decrypting each string when i write to the registry
>but I wouldnt know where to find a useable algorithm.
>What's the easiest, secure way to store these values please?
Either SecureString or one of the built-in encryption methods, AES for
preference. You may need Base-64 to avoid problems with non-printing
characters if you use AES.
Quote:
>
>Also, I download images from the database and cache them on each local
>machine in a data directory so there's no bandwidth hogging.
>At the moment they sit there as .jpg,*.bmp files and can be viewed just by
>opening them.
>What would be a sensible way of encrypting these?
AES again, in either CBC or CTR mode.
rossum
