But wouldn't the windows service also have to have the key compiled into it,
and it would just put this out in a variable?
At some point, somewhere, you are going to have the key compiled into
something? Or in some sort of file or registry setting? It's got to to be
somewhere!
Are you worried about someone gaining access to your web server, and
decompiling your DLL's to see the key?
"MickyM" <ja******@gmail.com> wrote in message
news:11**********************@g43g2000cwa.googlegr oups.com...
The root of the problem is always more complicated. :) Here's the
real reason I need this and I probably need to post this in a different
group, but here goes:
We have 4 web servers that connect to our database servers. User
passwords and other data is stored encrypted in the database. In order
to decrypt the data, an encryption object is currently on each of the
web servers with the encryption key compiled into it. We were looking
for a more secure way of storing the encryption key. To be honest, I
think making the key available in a variable that is accessible is less
secure than having it compiled in the code.
Anyone have experience on this that can suggest how to keep the key
private and secure while having to make it available to code that is
run 24/7 without human intervention?
Does this make sense?
Thanks,
Micky