By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,435 Members | 2,036 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,435 IT Pros & Developers. It's quick & easy.

variables / application[]-object

P: n/a
Hi

I have the following problem. When starting my asp.net application, i read a
encrypted string from a file, decrypt it and want this values to be
available in the complete application. they should be stored in a global
variable, but it shouldn't be possible to modify this variable.

so what i tried first was using the application object to store that string.
that was fine, but the problem is, that it can be modified from outside, so
it's not good for my use.

next idea was to create a public string that returns the private string with
the get{} method. this works fine, but the problem is, where do i store the
string, that i don't lose it. i mean, how can i store the decrypted string
in the variable, without reading it each time from the file and decrypting
it. i want to store it in the private variable and it should always be
there, as long as the application is running.

any ideas?

Thanks
Nov 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Karl, thnanks for your answer. but as I see in your example, you add the
secret string to the application object? so that was what i was thinking,
that i have to add it there. there is no way to keep it in memory as
readonly. in the application_start i want to read the file, decrypt that
info, store it to a read-only global variable, that i can access from every
aspx page.

as i understand you, in the application_start i load the string to the
session variable (crypted) and each time i request the public readonly
variable, it will be decrypted.

right?

but in that case, people still can modify the application object and clear
the crypted string.

or do i missunderstand you?

thanks for your help
"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:ei**************@TK2MSFTNGP11.phx.gbl...
You shouldn't cary around sensitive data in the application object...it gets dumped when page.trace=true.

you may want to look at this article (amongst others):
http://msdn.microsoft.com/asp.net/de...#c14618429_011
Finally, the quickest solution to your problem would be to cache (say in the application variable if you can't find a better place) an instance the
object that contains your string..you can create the object, decrypt the
string, and store it in memory on application_Start

Dim SecretString as new MySecretStringObject
SecretString.Decrypt()
application.add("SecretString", SecretString)

As you can image, the decrypt function decrypts the string and stores it in a private field. And you have a public readonly property to read from it.

Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch...
Hi

I have the following problem. When starting my asp.net application, i read
a
encrypted string from a file, decrypt it and want this values to be
available in the complete application. they should be stored in a global
variable, but it shouldn't be possible to modify this variable.

so what i tried first was using the application object to store that

string.
that was fine, but the problem is, that it can be modified from outside,

so
it's not good for my use.

next idea was to create a public string that returns the private string

with
the get{} method. this works fine, but the problem is, where do i store

the
string, that i don't lose it. i mean, how can i store the decrypted

string in the variable, without reading it each time from the file and decrypting it. i want to store it in the private variable and it should always be
there, as long as the application is running.

any ideas?

Thanks


Nov 17 '05 #2

P: n/a
you don't load the string in the application variable, you load the entire
object...which means the string is still private (or readonly via the
property). However, the object can still be removed...or replaced with
something else - as you've pointed out.

You could implement a readonly static field...but then you could get into
threading issues.

How about this:

implement a class with a single shared/statis function. something like
this:

public function GetSecret() as string
dim secret as string = cstr(cache("mysecretstring"))
if secret is nothing then
secret = DECRYPTSTRING() 'some private shared function
cache.add("mysecretstring", secret, New
System.Web.Caching.CacheDependency("FILETHATHOLDSY OURSTRING"),
Caching.Cache.NoAbsoluteExpiration, Caching.Cache.NoSlidingExpiration,
CacheItemPriority.Normal, Nothing)
end if
return string
end function
Yes, people can still manipulate teh cache and screw around with it...as far
as I know..there's no way to create a readonly cache...though atleast it's a
bit obfuscated. You've also moved the string away from the application and
into the cache..which I think is good.

There are callback methods you can use whenever the cache drops an
item..never used them..,maybe the could come in handy...dunno.

Karl

"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch...
Karl, thnanks for your answer. but as I see in your example, you add the
secret string to the application object? so that was what i was thinking,
that i have to add it there. there is no way to keep it in memory as
readonly. in the application_start i want to read the file, decrypt that
info, store it to a read-only global variable, that i can access from every aspx page.

as i understand you, in the application_start i load the string to the
session variable (crypted) and each time i request the public readonly
variable, it will be decrypted.

right?

but in that case, people still can modify the application object and clear
the crypted string.

or do i missunderstand you?

thanks for your help
"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:ei**************@TK2MSFTNGP11.phx.gbl...
You shouldn't cary around sensitive data in the application object...it

gets
dumped when page.trace=true.

you may want to look at this article (amongst others):

http://msdn.microsoft.com/asp.net/de...#c14618429_011

Finally, the quickest solution to your problem would be to cache (say in

the
application variable if you can't find a better place) an instance the
object that contains your string..you can create the object, decrypt the
string, and store it in memory on application_Start

Dim SecretString as new MySecretStringObject
SecretString.Decrypt()
application.add("SecretString", SecretString)

As you can image, the decrypt function decrypts the string and stores it

in
a private field. And you have a public readonly property to read from it.

Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch...
Hi

I have the following problem. When starting my asp.net application, i read
a
encrypted string from a file, decrypt it and want this values to be
available in the complete application. they should be stored in a global variable, but it shouldn't be possible to modify this variable.

so what i tried first was using the application object to store that

string.
that was fine, but the problem is, that it can be modified from

outside, so
it's not good for my use.

next idea was to create a public string that returns the private
string with
the get{} method. this works fine, but the problem is, where do i
store the
string, that i don't lose it. i mean, how can i store the decrypted

string in the variable, without reading it each time from the file and decrypting it. i want to store it in the private variable and it should always be
there, as long as the application is running.

any ideas?

Thanks



Nov 17 '05 #3

P: n/a
Karl, thanks for your help. The caching solution works fine for my needs and
was just a quick thing to implement.

So thanks for your great help

Patrick

"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:%2***************@tk2msftngp13.phx.gbl...
you don't load the string in the application variable, you load the entire
object...which means the string is still private (or readonly via the
property). However, the object can still be removed...or replaced with
something else - as you've pointed out.

You could implement a readonly static field...but then you could get into
threading issues.

How about this:

implement a class with a single shared/statis function. something like
this:

public function GetSecret() as string
dim secret as string = cstr(cache("mysecretstring"))
if secret is nothing then
secret = DECRYPTSTRING() 'some private shared function
cache.add("mysecretstring", secret, New
System.Web.Caching.CacheDependency("FILETHATHOLDSY OURSTRING"),
Caching.Cache.NoAbsoluteExpiration, Caching.Cache.NoSlidingExpiration,
CacheItemPriority.Normal, Nothing)
end if
return string
end function
Yes, people can still manipulate teh cache and screw around with it...as far as I know..there's no way to create a readonly cache...though atleast it's a bit obfuscated. You've also moved the string away from the application and into the cache..which I think is good.

There are callback methods you can use whenever the cache drops an
item..never used them..,maybe the could come in handy...dunno.

Karl

"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch...
Karl, thnanks for your answer. but as I see in your example, you add the
secret string to the application object? so that was what i was thinking,
that i have to add it there. there is no way to keep it in memory as
readonly. in the application_start i want to read the file, decrypt that
info, store it to a read-only global variable, that i can access from

every
aspx page.

as i understand you, in the application_start i load the string to the
session variable (crypted) and each time i request the public readonly
variable, it will be decrypted.

right?

but in that case, people still can modify the application object and clear the crypted string.

or do i missunderstand you?

thanks for your help
"Karl Seguin" <kseguin##crea.ca> schrieb im Newsbeitrag
news:ei**************@TK2MSFTNGP11.phx.gbl...
You shouldn't cary around sensitive data in the application object...it
gets
dumped when page.trace=true.

you may want to look at this article (amongst others):

http://msdn.microsoft.com/asp.net/de...#c14618429_011
Finally, the quickest solution to your problem would be to cache (say in
the
application variable if you can't find a better place) an instance the
object that contains your string..you can create the object, decrypt
the string, and store it in memory on application_Start

Dim SecretString as new MySecretStringObject
SecretString.Decrypt()
application.add("SecretString", SecretString)

As you can image, the decrypt function decrypts the string and stores it in
a private field. And you have a public readonly property to read from it.
Karl
"Patrick" <pa********@bluemail.ch> wrote in message
news:10***************@fuchs.cyberlink.ch...
> Hi
>
> I have the following problem. When starting my asp.net application,
i read
a
> encrypted string from a file, decrypt it and want this values to be
> available in the complete application. they should be stored in a

global > variable, but it shouldn't be possible to modify this variable.
>
> so what i tried first was using the application object to store that
string.
> that was fine, but the problem is, that it can be modified from outside, so
> it's not good for my use.
>
> next idea was to create a public string that returns the private string with
> the get{} method. this works fine, but the problem is, where do i store the
> string, that i don't lose it. i mean, how can i store the decrypted

string
> in the variable, without reading it each time from the file and

decrypting
> it. i want to store it in the private variable and it should always

be > there, as long as the application is running.
>
> any ideas?
>
> Thanks
>
>



Nov 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.