473,326 Members | 2,090 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Encrypting Data

All - I have an app that saves data to a xml file via a dataset. Our company stores some data in various xml files that is now considered a risk under its security policy. What's the best way to encrypt and decrypt the data in the file.

I use a dataset to load data to my forms and commit changes to the dataset and then write it to the xml file.

Thanks,
Brian
Jul 21 '05 #1
9 1811

"Brian P. Hammer" <bhammer@le "DASH" aviation.com> wrote in message news:%2***************@TK2MSFTNGP09.phx.gbl...
All - I have an app that saves data to a xml file via a dataset. Our company stores some data in various xml files that is now considered a risk under its security policy. What's the best way to encrypt and decrypt the data in the file.

I use a dataset to load data to my forms and commit changes to the dataset and then write it to the xml file.

Thanks,
Brian

That depends on how you use these files. You can encrypt the entire file or individual elements. I need to know more to give a descent advice.

/Fredrik
Jul 21 '05 #2
To control access to the files on disk, you could enable EFS on the file
system. That will keep prying eyes from being able to examine the files on
the drive.

To transmit the data using Web Services, look at WS_Security.
--

Chris Rolon
"Brian P. Hammer" <bhammer@le "DASH" aviation.com> wrote in message
news:#S*************@TK2MSFTNGP09.phx.gbl...
All - I have an app that saves data to a xml file via a dataset. Our
company stores some data in various xml files that is now considered a risk
under its security policy. What's the best way to encrypt and decrypt the
data in the file.

I use a dataset to load data to my forms and commit changes to the dataset
and then write it to the xml file.

Thanks,
Brian
Jul 21 '05 #3
We use the files to track market values of some aircraft. Each customer has a different file/xml data file. Internally, the files are stored on a secure file server with permissions. The real case is that sometimes, the files are emailed and found on client workstations. As you know, you can open the file with a text editor or browser.

The files can be saved from and opened with our application. It is not the element that is the problem, it's the data within the element. For example, some files contain how much they paid for the asset and which executives use it. This is the type of data I want to scramble so that it appears meaningless.

Thanks,
Brian

"Fredrik Wahlgren" <fr****************@mailbox.swipnet.se> wrote in message news:%2***************@tk2msftngp13.phx.gbl...

"Brian P. Hammer" <bhammer@le "DASH" aviation.com> wrote in message news:%2***************@TK2MSFTNGP09.phx.gbl...
All - I have an app that saves data to a xml file via a dataset. Our company stores some data in various xml files that is now considered a risk under its security policy. What's the best way to encrypt and decrypt the data in the file.

I use a dataset to load data to my forms and commit changes to the dataset and then write it to the xml file.

Thanks,
Brian

That depends on how you use these files. You can encrypt the entire file or individual elements. I need to know more to give a descent advice.

/Fredrik
Jul 21 '05 #4
Sorry, this won't work as the files can be copied form the server and
emailed. Thanks....

"Chris Rolon" <ch*********@removethis.neudesic.com> wrote in message
news:ev**************@TK2MSFTNGP14.phx.gbl...
To control access to the files on disk, you could enable EFS on the file
system. That will keep prying eyes from being able to examine the files on
the drive.

To transmit the data using Web Services, look at WS_Security.
--

Chris Rolon
"Brian P. Hammer" <bhammer@le "DASH" aviation.com> wrote in message
news:#S*************@TK2MSFTNGP09.phx.gbl...
All - I have an app that saves data to a xml file via a dataset. Our
company stores some data in various xml files that is now considered a
risk
under its security policy. What's the best way to encrypt and decrypt the
data in the file.

I use a dataset to load data to my forms and commit changes to the dataset
and then write it to the xml file.

Thanks,
Brian

Jul 21 '05 #5
Hi Brian,
you can encrypt the important information by using classes in
System.Security.Cryptography namespace. If there are large data, you
can use symmetric algorithms, for example Rijndael, with unique secret
key for encrypt/decrypt. Note that is most important to protect key,
more than the type of used algorithm. I suggest you the use of
asymmetric algorithm for to protect symmetric algorithm's secret key.
you can start here:
http://msdn.microsoft.com/library/de...icServices.asp

HTH

Jul 21 '05 #6
Fabio - Thanks for the feedback. Looks like the msdn article will be
helpful.

Regards,
Brian

"Fabio Cozzolino [MCAD]" <co*************@gmail.com> wrote in message
news:11**********************@g14g2000cwa.googlegr oups.com...
Hi Brian,
you can encrypt the important information by using classes in
System.Security.Cryptography namespace. If there are large data, you
can use symmetric algorithms, for example Rijndael, with unique secret
key for encrypt/decrypt. Note that is most important to protect key,
more than the type of used algorithm. I suggest you the use of
asymmetric algorithm for to protect symmetric algorithm's secret key.
you can start here:
http://msdn.microsoft.com/library/de...icServices.asp

HTH

Jul 21 '05 #7
Fabio Cozzolino [MCAD] wrote:
Note that is most important to protect key,
more than the type of used algorithm. I suggest you the use of
asymmetric algorithm for to protect symmetric algorithm's secret key.

Just a note..

When you use encryption (at most in this situation) you're basically
exchanging a big secret (the data you want to protect) with a little
secret (the key). Therefore you still have a secret to store..

Encrypting your symmetric key with a asymmetric key still requires you
to store a secret, and it's not always the best option.
A symmetric key can be just a hash (see HashAlgorithm-class) of a
pass-word/-phrase - and while it's properly possible to make this work
with a asymmetric key as well, it's more complicated.

But the asymmetric approach is often used (in NTFS's EFS among others)
when you have more users that require access to the same file: on NTFS
the file (the data) is encrypted by a symmetric key, which in turn is
encrypted with each users asymmetric key.

And a finally: you shouldn't encrypt non-random data with a asymmetric
cipher, because in some algorithms this weakens the key (RSA included).

HTH

Jul 21 '05 #8
Morten, can you expand on this comment, please. I have never heard this
before. I'm completelt satisfied with a URL.
And a finally: you shouldn't encrypt non-random data with a asymmetric
cipher, because in some algorithms this weakens the key (RSA included).

/Fredrik
Jul 21 '05 #9
Morten - Guess I still need to do lots of reading.... The company said
"can't you just turn letters into number and numbers into letters?" This is
easy to do and easy to figure out. I have several websites marked for
reading. Homework for this evening.

Thanks,
Brian

"Morten Dahl" <da**@cs.aau.dk> wrote in message
news:42***********************@news.sunsite.dk...
Fabio Cozzolino [MCAD] wrote:
Note that is most important to protect key,
more than the type of used algorithm. I suggest you the use of
asymmetric algorithm for to protect symmetric algorithm's secret key.


Just a note..

When you use encryption (at most in this situation) you're basically
exchanging a big secret (the data you want to protect) with a little
secret (the key). Therefore you still have a secret to store..

Encrypting your symmetric key with a asymmetric key still requires you to
store a secret, and it's not always the best option.
A symmetric key can be just a hash (see HashAlgorithm-class) of a
pass-word/-phrase - and while it's properly possible to make this work
with a asymmetric key as well, it's more complicated.

But the asymmetric approach is often used (in NTFS's EFS among others)
when you have more users that require access to the same file: on NTFS the
file (the data) is encrypted by a symmetric key, which in turn is
encrypted with each users asymmetric key.

And a finally: you shouldn't encrypt non-random data with a asymmetric
cipher, because in some algorithms this weakens the key (RSA included).

HTH

Jul 21 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: steve | last post by:
Hi, I know there are a few free and paid php source code encryption scripts around. Has anyone used one, and any feedback? I am interested in encrypting source that is placed on a remote host....
12
by: kimi | last post by:
Hello, I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I have been working with SQL Server, Building ASp WebSites for many years now. I am by no means an expert - nor have I had...
0
by: everpro | last post by:
Hello, I am trying to determine how to figure out the following: 1) If our DB2 Connect Gateway is encrypting userids, passwords AND data or not. 2) If not, how do I enable encryption. ...
1
by: jimfortune | last post by:
This idea is still in the process of formulation. I'm considering the idea of storing encrypted data in memo fields. Since the data is for internal use only I don't think the legal limits on...
9
by: Brian P. Hammer | last post by:
All - I have an app that saves data to a xml file via a dataset. Our company stores some data in various xml files that is now considered a risk under its security policy. What's the best way to...
7
by: Richard L Rosenheim | last post by:
Anyone care to express their two cents over pros and cons of encrypting the data being transmitted (within the SOAP package) versus just utilizing a HTTPS connection? Richard Rosenheim
2
by: Parrot | last post by:
I cannot get an answer as to why my session state no longer remains active between webpages after working for 2 years. So I want to try to pass data thru query strings in my url. I tried to use...
2
by: SeeSharp Bint | last post by:
Visual Studio 2005, dotnet, c#. Microsoft SQL Server. Windows XP forms application. Temporarily, for my database application, I have been storing the various elements of database connection...
3
by: Tery | last post by:
I'm trying to implement the Handango.com HTTP POST registration method. The instructions are here: http://www.handango.com/marketing/developerTeam/HTTP_Post_Reg_Model_How2.doc I'm stuck on how...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.