Reputation: 91
I'm currently working on a Windows Application Project and I have two problems in securing data.
First,I need to make a file that store a password as string which the user should enter it every time the main form loads, I tried many ways but each one has a problem:
Hashing the string and save it in a file, so every time user enter the password the input password will be hashed and compared with the hashed string
Problem: Decompiling the application let anyone see the hashing method and file location, so he/she can create text file with hashed value of any string like 0000 and replace that file with my application file, then use the 0000 to open the application
Using encryption algorithm with custom encryption key
Problem: key can be accessed after Decompiling the application
The other problem is for connection string of an online MySql Database that used in the application but I do not want any user see the connection string:
Encrypting the connection string with DataProtectionConfigurationProvider
Problem: other machines can't decrypt and use the string
Encrypt and save the connection string in a file and decrypt and use that file when application load
Problem: Decryption method can be known from source code after Decompiling
Is there anyway I can use except Obfuscating the source code? I mean like storing these sensitive data in a file that can be read/written by my application only?
Feel free to write any advice about my problems and Thanks in advance
Upvotes: 2
Views: 1128
Reputation: 485
Try to save your files with hashed passwords in the web with read-only permissions. Or use dll written using unmaneged code (c++)
Upvotes: 1