|
P: n/a
|
Hi
I have the following problem. When starting my asp.net application, i read a
encrypted string from a file, decrypt it and want this values to be
available in the complete application. they should be stored in a global
variable, but it shouldn't be possible to modify this variable.
so what i tried first was using the application object to store that string.
that was fine, but the problem is, that it can be modified from outside, so
it's not good for my use.
next idea was to create a public string that returns the private string with
the get{} method. this works fine, but the problem is, where do i store the
string, that i don't lose it. i mean, how can i store the decrypted string
in the variable, without reading it each time from the file and decrypting
it. i want to store it in the private variable and it should always be
there, as long as the application is running.
any ideas?
Thanks
| |
Share this Question
|
P: n/a
|
Karl, thnanks for your answer. but as I see in your example, you add the
secret string to the application object? so that was what i was thinking,
that i have to add it there. there is no way to keep it in memory as
readonly. in the application_start i want to read the file, decrypt that
info, store it to a read-only global variable, that i can access from every
aspx page.
as i understand you, in the application_start i load the string to the
session variable (crypted) and each time i request the public readonly
variable, it will be decrypted.
right?
but in that case, people still can modify the application object and clear
the crypted string.
or do i missunderstand you?
thanks for your help
"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:ei**************@TK2MSFTNGP11.phx.gbl... You shouldn't cary around sensitive data in the application object...it
gets dumped when page.trace=true.
you may want to look at this article (amongst others):
http://msdn.microsoft.com/asp.net/de...#c14618429_011
Finally, the quickest solution to your problem would be to cache (say in
the application variable if you can't find a better place) an instance the
object that contains your string..you can create the object, decrypt the
string, and store it in memory on application_Start
Dim SecretString as new MySecretStringObject
SecretString.Decrypt()
application.add("SecretString", SecretString)
As you can image, the decrypt function decrypts the string and stores it
in a private field. And you have a public readonly property to read from it.
Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch... Hi
I have the following problem. When starting my asp.net application, i
read a encrypted string from a file, decrypt it and want this values to be
available in the complete application. they should be stored in a global
variable, but it shouldn't be possible to modify this variable.
so what i tried first was using the application object to store that
string. that was fine, but the problem is, that it can be modified from outside,
so it's not good for my use.
next idea was to create a public string that returns the private string
with the get{} method. this works fine, but the problem is, where do i store
the string, that i don't lose it. i mean, how can i store the decrypted
string in the variable, without reading it each time from the file and
decrypting it. i want to store it in the private variable and it should always be
there, as long as the application is running.
any ideas?
Thanks
| |
|
P: n/a
|
you don't load the string in the application variable, you load the entire
object...which means the string is still private (or readonly via the
property). However, the object can still be removed...or replaced with
something else - as you've pointed out.
You could implement a readonly static field...but then you could get into
threading issues.
How about this:
implement a class with a single shared/statis function. something like
this:
public function GetSecret() as string
dim secret as string = cstr(cache("mysecretstring"))
if secret is nothing then
secret = DECRYPTSTRING() 'some private shared function
cache.add("mysecretstring", secret, New
System.Web.Caching.CacheDependency("FILETHATHOLDSY OURSTRING"),
Caching.Cache.NoAbsoluteExpiration, Caching.Cache.NoSlidingExpiration,
CacheItemPriority.Normal, Nothing)
end if
return string
end function
Yes, people can still manipulate teh cache and screw around with it...as far
as I know..there's no way to create a readonly cache...though atleast it's a
bit obfuscated. You've also moved the string away from the application and
into the cache..which I think is good.
There are callback methods you can use whenever the cache drops an
item..never used them..,maybe the could come in handy...dunno.
Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch... Karl, thnanks for your answer. but as I see in your example, you add the
secret string to the application object? so that was what i was thinking,
that i have to add it there. there is no way to keep it in memory as
readonly. in the application_start i want to read the file, decrypt that
info, store it to a read-only global variable, that i can access from
every aspx page.
as i understand you, in the application_start i load the string to the
session variable (crypted) and each time i request the public readonly
variable, it will be decrypted.
right?
but in that case, people still can modify the application object and clear
the crypted string.
or do i missunderstand you?
thanks for your help
"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:ei**************@TK2MSFTNGP11.phx.gbl... You shouldn't cary around sensitive data in the application object...it
gets dumped when page.trace=true.
you may want to look at this article (amongst others): http://msdn.microsoft.com/asp.net/de...#c14618429_011
Finally, the quickest solution to your problem would be to cache (say in
the application variable if you can't find a better place) an instance the
object that contains your string..you can create the object, decrypt the
string, and store it in memory on application_Start
Dim SecretString as new MySecretStringObject
SecretString.Decrypt()
application.add("SecretString", SecretString)
As you can image, the decrypt function decrypts the string and stores it
in a private field. And you have a public readonly property to read from
it.
Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch... Hi
I have the following problem. When starting my asp.net application, i read a encrypted string from a file, decrypt it and want this values to be
available in the complete application. they should be stored in a
global variable, but it shouldn't be possible to modify this variable.
so what i tried first was using the application object to store that
string. that was fine, but the problem is, that it can be modified from
outside, so it's not good for my use.
next idea was to create a public string that returns the private
string with the get{} method. this works fine, but the problem is, where do i
store the string, that i don't lose it. i mean, how can i store the decrypted
string in the variable, without reading it each time from the file and decrypting it. i want to store it in the private variable and it should always be
there, as long as the application is running.
any ideas?
Thanks
| |
|
P: n/a
|
Karl, thanks for your help. The caching solution works fine for my needs and
was just a quick thing to implement.
So thanks for your great help
Patrick
"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:%2***************@tk2msftngp13.phx.gbl... you don't load the string in the application variable, you load the entire
object...which means the string is still private (or readonly via the
property). However, the object can still be removed...or replaced with
something else - as you've pointed out.
You could implement a readonly static field...but then you could get into
threading issues.
How about this:
implement a class with a single shared/statis function. something like
this:
public function GetSecret() as string
dim secret as string = cstr(cache("mysecretstring"))
if secret is nothing then
secret = DECRYPTSTRING() 'some private shared function
cache.add("mysecretstring", secret, New
System.Web.Caching.CacheDependency("FILETHATHOLDSY OURSTRING"),
Caching.Cache.NoAbsoluteExpiration, Caching.Cache.NoSlidingExpiration,
CacheItemPriority.Normal, Nothing)
end if
return string
end function
Yes, people can still manipulate teh cache and screw around with it...as
far as I know..there's no way to create a readonly cache...though atleast it's
a bit obfuscated. You've also moved the string away from the application
and into the cache..which I think is good.
There are callback methods you can use whenever the cache drops an
item..never used them..,maybe the could come in handy...dunno.
Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch... Karl, thnanks for your answer. but as I see in your example, you add the
secret string to the application object? so that was what i was
thinking, that i have to add it there. there is no way to keep it in memory as
readonly. in the application_start i want to read the file, decrypt that
info, store it to a read-only global variable, that i can access from
every aspx page.
as i understand you, in the application_start i load the string to the
session variable (crypted) and each time i request the public readonly
variable, it will be decrypted.
right?
but in that case, people still can modify the application object and
clear the crypted string.
or do i missunderstand you?
thanks for your help
"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:ei**************@TK2MSFTNGP11.phx.gbl... You shouldn't cary around sensitive data in the application
object...it gets dumped when page.trace=true.
you may want to look at this article (amongst others):
http://msdn.microsoft.com/asp.net/de...#c14618429_011
Finally, the quickest solution to your problem would be to cache (say
in the application variable if you can't find a better place) an instance the
object that contains your string..you can create the object, decrypt
the string, and store it in memory on application_Start
Dim SecretString as new MySecretStringObject
SecretString.Decrypt()
application.add("SecretString", SecretString)
As you can image, the decrypt function decrypts the string and stores
it in a private field. And you have a public readonly property to read from it.
Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch...
> Hi
>
> I have the following problem. When starting my asp.net application,
i read a
> encrypted string from a file, decrypt it and want this values to be
> available in the complete application. they should be stored in a
global > variable, but it shouldn't be possible to modify this variable.
>
> so what i tried first was using the application object to store that
string.
> that was fine, but the problem is, that it can be modified from outside, so
> it's not good for my use.
>
> next idea was to create a public string that returns the private string with
> the get{} method. this works fine, but the problem is, where do i store the
> string, that i don't lose it. i mean, how can i store the decrypted
string > in the variable, without reading it each time from the file and
decrypting > it. i want to store it in the private variable and it should always
be > there, as long as the application is running.
>
> any ideas?
>
> Thanks
>
>
| | This discussion thread is closed Replies have been disabled for this discussion. | |  Question stats - viewed: 2173
- replies: 3
- date asked: Nov 17 '05
|
