Catalin
Reputation: 11731
Keeping sensitive data inside application code
I have an application build in asp.net mvc.
This application stores sensitive encryption keys used by various methods.
However, somebody can easily read the security keys i use if they open the application dll using .NET Reflector
My question is:
The only solution of keeping these keys really secure is to use an obfuscation tool?
Are there other solutions?
Upvotes: 1
Views: 870
Answers (1)
Martin Ernst
Reputation: 5679
You can encrypt and decrypt them using DPAPI (ProtectedData class in .NET).
Since this is a web app, you can even easier and transparently encrypt the web.config or sections of it
Upvotes: 3
Related Questions
- obfuscation .net project
- How can I protect/obfuscate/etc an ASP.NET MVC app's source code when deployed?
- how to write code in asp.net to stop reverse engineering of asp.net application
- How to sanitize/hide sensitive data in C#
- Protect source code of an ASP.NET website
- Protect the source code on delivery to client
- Obfuscating a .NET Web application
- reflection is possible on obfuscation
- Obfuscation in .NET: how is it done how secure is it?
- Obfuscation+Reflection