i'm developing a .net winforms desktop application intended to be run at several bank's branches as a backup application whenever the main one (a web application) is unavailable due to connection issues with the bank's central node. The branchs themselves don't count with any enterprise services besides a SQL-Server database. For that reason, the application should be able to connect directly to the SQL-Server. My problem arises when I have to provide the application with a password to connect to the database:
1) Storing the password in clear text in a app.config file or similar is not an option (the customer requires the password to be encrypted)
2) Storing the password encrypted in a configuration file leads to the need of having an encryption key locally available. The encryption key could be just hardcoded in the application's code, but it would be easily readable by using a .net-decompiler or similar.
3) Using a custom algorithm to encrypt/decrypt wouldn't work either due to the same reasons as 2).
4) Integrated security is not supported by the bank
Additionally, the customers requires that they should be able to change the password in one location (within a branch) without the need to go from one computer to another updating config files (that rules out the possibility of using the machine's key to encrypt the password in individual machine's config files like asp.net does)
Would you provide any other approach or suggestion to deal with this problem?
I would appreciate any help.
Thanks in advance,
Bernabé
I don't think that encyrpting the password by any means is going to solve your problem. If the user has to send the password to server, and the password is located on the box, then by definition the user running the application must have access to the password and be able to decrypt it. Otherwise, you wouldn't be able to authenticate them. This means that there will always be a way for the user to get at the password, regardless of where you store it.
I can think of 2 ways that could possibly work, but I'm afraid they're not exactly what you're looking for.
Remove the requirement of having the
user send the password to the server
by using some sort of local proxy
(for example using a WCF windows
service) to take your winform
requests and then send them on your
behalf to the DB server. If you
install the service using an account
different from the user's account,
then you can secure the password by
any of the means mentioned in the other
answers. They key here is to make
sure the application user does not
have access to the resources that
the service account needs to decrypt
the password.
Don't store the password in the web config. Assign each user a different user account and password at the database level and have them type it in when they log in.
You could use the protected configuration built into .Net. See Encrypting Configuration Information Using Protected Configuration in the MSDN docs. One of it's raison d'etres was to encrypt data such as connection strings in config files.
You could
To use DPAPI to store a encryption/decryption key securely: How To: Use DPAPI to Encrypt and Decrypt Data
To install a SQL Server Compact Edition (or another small database) into your workstations and to synchronize data when your web application comes online again.
To ask for help inside that institution, as other people could have solved that problem and could to help you.
Definitely agree with the above regarding DPAPI. Microsoft's Enterprise Library makes this an absolute breeze too, so I would consider looking there first.
Related
"Issue description copied..."
I'm building a partner connector, which relies on a user name and password to connect to database (very similar to the existing Postgres / MySQL connectors provided by Google). In order to verify the credentials, I also need the database host information to be present in addition to username and password and this is the base of my problem.
The Google build connectors conveniently are allowed to collect user credentials and the database related information at the same time. Unfortunately, that doesn't seem to be the case for partner connectors as stated in the requirements
Point 5 "Use appropriate authentication method in getAuthType(). Do not request credentials via getConfig()."
The authentication itself happens before any other configuration details are known (there is just a dialog for username and password) and there doesn't seem to be a way to request additional information on the authentication screen itself. Once the credentials have been entered, the verification also happens immediately, before the configuration is being shown in the next step.
Once credentials are validated successfully, Datastudio then assumes the schema and data can be requested.This excludes the option of a dummy confirmation, because there doesn't seem to be a way to tell credentials are invalid and need to be changed after checking the other configuration details on the next screen.
That makes me unsure, how to determine valid credentials in my use case as I need to know the variable endpoint to authenticate against. I definitely want to avoid storing any user credentials myself in an external database, because this opens up another can of worms.
Has anyone successfully solved a similar issue before and can provide guidance here?
This is a known limitation of the authentication methods for Community Connectors.
A workaround would be to use authtype NONE and then request the credentials and database information in the config. This is, however, not a recommended approach.
I'm coding an AS3 AIR app that has an SQLite database. I'd like to encrypt the database so that the user can feel comfortable saving sensitive information in it ie if a hacker gains access to the user's database file remotely, they won't be able to load it into their own copy of the app to read the data. However, I don't want to make the user enter a password each time they use the app.
Is this possible, or is password authentication the only way please?
Encryption of database and access on platform are two different issues.
About access:
Your app can have a system to remeber, after you have installed, so you don't put anytime your password, because it know you.
About encryption:
You can encrypt your data with a secure algorithm, so you don't show in your table the real content but encrypted content. So when you show in your app the content, you must implement a decodifier of your data.
I have access to a SQL Server DB system that only allowed "Windows Authentication" - that is, use your windows login credential to access the data. (Not using a username-password). It also controls database permissions.
I want to build a REST API for users not familiar with SQL to get data from that server. The problem is, I need to take user's credential to execute the command, not the machine that hosts the REST API. How could I design the system that allow user to pass their login and let the API send query to the server using that specific login?
I found a reference from Microsoft, not sure if it's relevant.
https://learn.microsoft.com/en-us/sql/relational-databases/security/choose-an-authentication-mode?view=sql-server-2017
What you are after is Kerberos delegation, sometimes also known as "double hop". It is not something you have to explicitly implement in your code, as long as you stick with the Microsoft stack; rather, it is a matter of configuration.
This post describes the setup required for the feature to work in sufficient details. You can also find some basic requirements in this help article. For anything beyond that, just google it.
For my Next Project (web + electron + ionic),
I want to use angularjs but don't want to use nodejs and for database.
I am thinking about pouchdb or google-firebase.
Now security is an issue for my database. like i have to connect with my database using angular because i will not use nodejs.
So i have to put my username and password on connection.
will my username and password secure ?
I am thinking that anyone who press Ctrl+u or from dev tool can see my user access.
Any suggestions ?
try angularfire2 library for firebase using this library no needed nodejs or any backend server. it's directly communicate with firebase.here is library
https://github.com/angular/angularfire2
I am afraid that you can't do that, you need some server side application to connect with the database in a secure way.
There is some gold rules you must always follow:
There is no security from the client side.
Never trust on information that comes from the client, even if you think it's validated.
For the security purpose, you can go with firebase auth
these are many secure login methods like
-FirebaseUI
-Password-Based
-Facebook
-Google.. etc
reference link- https://firebase.google.com/docs/auth/web/start
If you are planning to use firebase for the huge database then one thing keep in mind firebase is not designed for the huge database it's limited.You can't compare firebase to SQL n MySQL etc databases. Firebase specifically designed for small databases.
If you grant write access for your chat clients by one hardcoded credentials (really easily get known) - you are on very dangerous side: one can quickly fill your DB with tons of garbage. There is no harm to hardcode read credentials (in order to separate access to different server DBs, i.e.) but for write ones you definitely need registration, which means Node or something. It will handle new users creation and give you ability to block unwanted client behaviour, just in case.
I am using Entity Framework and have the same model on many databases and servers. I want to set my connection string at runtime based on the logged in user. I am currently overriding CreateObjectContext() in my DomainService and setting the connection string there. This works great, but I'm concerned with the lack of security. For example, in my DomainService, I have an invoke method called SetConnectionString() where I pass in the connections string each time I need a new Entity. This is being done from the DomainContext (client side). Since I am using SQL Integrated Security, I am concerned that someone could manipulate the connection string on the clinet and get access to a database that they are not authorized to use.
What is the most secure way to dynamically set the connection string for the domain entity I want to use at runtime?
I do have the database name and server settings in a database that I could look up from the DomainService if I passed in my project id or some other piece of information, but I am then right back to the same issue - someone could easily spoof this info.
Ideas??
-Scott
Hopefully my answer is relevant as the same security issues are faced by flash developers...
The only way to make this really secure ("this" being database connections from your client side code) is to make each user only have read-only access to their data in the database.
As you are realizing, there is no way to stop the user from monitoring/modifying data that you are sending back to the server. Even if you encrypt the communication, the user still has access to the code and in the case of flash, source code due to trivial decompilation.
I am not a DB developer, but I do security audits of stuff like you are asking often, so the following advice could be wrong, but I just googled, and it seems like maybe you could use views to restrict users (sets of credentials) to specific information.
If not, this article seems relevant to what you want:
http://technet.microsoft.com/en-us/library/cc966395.aspx
What about using the ASP.NET membership framework? Tie the user login with a Login call in the framework to make sure the user an authorized user. Add a "RequiresAuthentication" attribute to each of the functions you want to protect in your domain service.
Here are more details on using ASP.NET membership with Silverlight: WCF RIA Services - Authentication, Roles, and Profiles