473,382 Members | 1,420 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > encryption key/cache

Join Bytes to post your question to a community of 473,382 software developers and data experts.

Encryption Key/Cache

I would like to store some Role Information in a cookie since I cannot use
Session in the AuthenticateRequest method.

I thought of encrypting the cookie using Rijndael Algo. for provider. I
would generate a 16 character key store it as a Cached object and replace it
every 20-30 minutes, if the cookie data does not decrypt then simply reload
it because I would assume that key expired.

Is this a secure way of doing it?

--
Abdellah Elamiri
..net Developer
Efficacy through simplicity
Nov 18 '05 #1
2 892
It almost seems secure, but...
I question your logic of assuming the key is expired if it does not decrypt
(and accepting it anyway.)
Another reason the key might not decrypt is if someone has been tampering
with it. A hacker might attempt this. It seems they could put any value at
all into the cookie and then your code would assume it's good (but expired)
and then generate a new one.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"A. Elamiri" <abdellahDOTelamiriATclintonDOTedutNOSPAM> wrote in message
news:ej**************@TK2MSFTNGP10.phx.gbl...
I would like to store some Role Information in a cookie since I cannot use
Session in the AuthenticateRequest method.

I thought of encrypting the cookie using Rijndael Algo. for provider. I
would generate a 16 character key store it as a Cached object and replace it every 20-30 minutes, if the cookie data does not decrypt then simply reload it because I would assume that key expired.

Is this a secure way of doing it?

--
Abdellah Elamiri
.net Developer
Efficacy through simplicity

Nov 18 '05 #2
Thanks for the feedback

--
Abdellah Elamiri
..net Developer
Efficacy through simplicity
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:ew**************@TK2MSFTNGP09.phx.gbl...
It almost seems secure, but...
I question your logic of assuming the key is expired if it does not decrypt (and accepting it anyway.)
Another reason the key might not decrypt is if someone has been tampering
with it. A hacker might attempt this. It seems they could put any value at all into the cookie and then your code would assume it's good (but expired) and then generate a new one.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"A. Elamiri" <abdellahDOTelamiriATclintonDOTedutNOSPAM> wrote in message
news:ej**************@TK2MSFTNGP10.phx.gbl...
I would like to store some Role Information in a cookie since I cannot use Session in the AuthenticateRequest method.

I thought of encrypting the cookie using Rijndael Algo. for provider. I
would generate a 16 character key store it as a Cached object and
replace it
every 20-30 minutes, if the cookie data does not decrypt then simply

reload
it because I would assume that key expired.

Is this a secure way of doing it?

--
Abdellah Elamiri
.net Developer
Efficacy through simplicity


Nov 18 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Oracle ODBC error with ENCRYPTION
by: Cliff | last post by:
We are trying to connect to 3 different Oracle databases using MS Access as the front-end and ODBC as the connection. The problem that we are having is that 1 of the databases requires a...
Oracle Database
0
Inmemory Encryption using Caching application block
by: roshmita | last post by:
The caching application block supports encryption of data in the Data Backing Store.Is it possible to encrypt the data in the memory(cache) using this block?If it is possible please tell me the...
.NET Framework
113
How good an encryption algorithm is this?
by: Bonj | last post by:
I was in need of an encryption algorithm to the following requirements: 1) Must be capable of encrypting strings to a byte array, and decyrpting back again to the same string 2) Must have the same...
C# / C Sharp
7
Any suggestions for what encryption method to use for sensitive database values?
by: Alan Silver | last post by:
Hello, I am writing a page where sensitive data is collected (over SSL) and stored in a database. I have been looking at the .NET encryption classes, but am a bit confused as to which is best...
ASP.NET
2
Encryption Expert Require
by: Sumit Gupta | last post by:
Can anyone please tell me how to encrpt string or any kind of Data. Also the Algorithm of Compression. Any Link tutorial etc. Like : Zip or RAR Formats etc.
Visual Basic .NET
9
how to encrypt a C data and write a bin file and read a bin at run time and decrypt C data
by: sweety | last post by:
Dear All, How to encrypt a C data file and make binary file and then have to read a bin file at run time and decrypt the file and have to read the data. Any help to achive this pls. Would be...
C / C++
4
Asymmetric Encryption
by: pintu | last post by:
Hello everybody.. I hav some confusion regarding asymmetric encryption.As asymmetric encryption it there is one private key and one public key.So any data is encrypted using private key and the...
ASP.NET
1
Configure SSL Encryption Strength
by: =?Utf-8?B?bWljcm9ob2Y=?= | last post by:
Short version: Is there a way to configure (preferably programmatically) the max encryption strength that will be used by the framework when connecting to a particular SSL-protected web service? ...
.NET Framework
11
Simple XOR encryption code issues (segmentation fault)
by: John Williams | last post by:
I've written a simple program to do XOR encryption as my first foray into understanding how encryption works. The code compiles fine, however it segmentation faults on every run. using gdb to...
C / C++
22
String Encryption Help
by: j1mb0jay | last post by:
I have had to create a simple string encryption program for coursework, I have completed the task and now have to do a write up on how it could be improved at a later date. If you could look...
C# / C Sharp
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!