Securing a password in source code?

by

Don’t store you password in your source code, store it in a protected section within you App.Config (or Web.Config).

See Encrypting Configuration File Sections Using Protected Configuration section in this Microsoft Doc

This works by encrypting the encryption keys using built-in Windows stuff, locked to the MAC address and various other undocumented things.

This will even work if you are using more than one server:

… if you are planning to use the same encrypted configuration file on multiple servers, such as a Web farm, only the RsaProtectedConfigurationProvider enables you to export the encryption keys used to encrypt the data and import them on another server.

Using this, if someone wanted to get your password, they would have to first break the Windows security on your server (not impossible, but harder than looking into your IL for the password by far).

More Related Contents:

  1. What are good ways to prevent SQL injection? [duplicate]
  2. JWT authentication for ASP.NET Web API
  3. Why is JsonRequestBehavior needed?
  4. ASP.NET Identity’s default Password Hasher – How does it work and is it secure?
  5. How to securely save username/password (local)?
  6. Requested registry access is not allowed
  7. Is SecureString ever practical in a C# application?
  8. How can I obfuscate my c# code, so it can’t be deobfuscated so easily? [closed]
  9. Restrict access to a specific controller by IP address in ASP.NET MVC Beta
  10. MD5 hash with salt for keeping password in DB in C#
  11. In .NET/C# test if process has administrative privileges
  12. Storing credit card details
  13. Does using parameterized SqlCommand make my program immune to SQL injection?
  14. How to use a client certificate to authenticate and authorize in a Web API
  15. Encrypting credentials in a WPF application
  16. Best way to store encryption keys in .NET C#
  17. How do I get the currently loggedin Windows account from an ASP.NET page?
  18. Child actions are not allowed to perform redirect actions, after setting the site on HTTPS [duplicate]
  19. How to convert SecureString to System.String?
  20. How to access the stored credentials (PasswordVault?) on Win7 and Win8?
  21. Exploitable C# Functions [closed]
  22. Access files from network share in c# web app
  23. Compare password hashes between C# and ColdFusion (CFMX_COMPAT)
  24. C#.NET: Acquire administrator rights?
  25. Store sensitive information inside keepass database from c#
  26. RSA read PublicKey
  27. Shredding files in .NET
  28. Block requests after multiple unsuccessful logins
  29. difference between http.context.user and thread.currentprincipal and when to use them?
  30. Best way to restrict access by IP address?

Leave a Comment