views: 166 | answers: 2

My .NET WinForms application connects to an FTP server and downloads a file. To do that, a password for the connection is required. The password should be stored in a configuration file, but it should be encrypted. The only solutions I've found include either securing the whole config section (which is no use for me, as the appSettings section where the password is also holds other data that needs to be changed manually) or using DPAPI (which doesn't work either, because passwords encrypted on my computer cannot be decrypted on the others, and this is necessary). Are there any other techniques?

+2  A: 

You could encrypt and decrypt manually using a symmetric cipher inside your application (i.e. AES), and have the encrypted password stored in the config file.

The problem of course with this is that you'll have to store the symmetric key that encrypts and decrypts the password inside your application, so anyone with any knowledge of crypto and .NET would be able to reflect and reverse-engineer your binary fairly easily - and get hold of the key and therefore the FTP password.

You could obfuscate your binary to make this more difficult.

Of course, the FTP username and passwords are sent in clear-text anyway (unless you are using ftps:), so anyone 'listening' to your app will figure out the username and password fairly quickly.

I guess it comes down to how secure you want this username and password in your application? This solution prevents those with prying eyes from getting hold of it, but not those that are determined.

Jayden
This security is enough - it is a simple inside-company app and there's no need for very high security; I just don't want the password to lie there as plain text in the config file.
agnieszka
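The approach in this answer, as an added example that is not code from the answer's author: a single config value is encrypted with AES-CBC under a key compiled into the assembly, with a fresh random IV prepended to each ciphertext so the same password does not always produce the same stored value. The class name `ConfigSecret`, the key bytes and the sample password are all constructed for the illustration. Exactly as the answer says, the key lives in the binary, so this stops casual reading of the config file and nothing more; treat it as obfuscation, not as protection against anyone who can open the assembly in a decompiler.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: AES-CBC encryption of one configuration value with an embedded key.
static class ConfigSecret
{
    // Constructed 32-byte (AES-256) key, base64-encoded. Anyone who decompiles the
    // assembly can read this constant, which is the weakness the answer describes.
    private static readonly byte[] Key =
        Convert.FromBase64String("Ky0RO9r0M9RHRk2+c0ZcVqRrMBaHOX9qe0v3bTEtA9Q=");

    // Returns base64( IV || ciphertext ). Aes.Create() defaults to CBC with PKCS7 padding.
    public static string Encrypt(string plaintext)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = Key;
            aes.GenerateIV(); // new random IV for every call
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] pt = Encoding.UTF8.GetBytes(plaintext);
                byte[] ct = enc.TransformFinalBlock(pt, 0, pt.Length);
                byte[] output = new byte[aes.IV.Length + ct.Length];
                Buffer.BlockCopy(aes.IV, 0, output, 0, aes.IV.Length);
                Buffer.BlockCopy(ct, 0, output, aes.IV.Length, ct.Length);
                return Convert.ToBase64String(output);
            }
        }
    }

    // Reverses Encrypt: splits off the IV, then decrypts the remainder.
    public static string Decrypt(string stored)
    {
        byte[] input = Convert.FromBase64String(stored);
        using (var aes = Aes.Create())
        {
            aes.Key = Key;
            byte[] iv = new byte[aes.BlockSize / 8]; // 16 bytes for AES
            if (input.Length < iv.Length)
                throw new CryptographicException("Stored value is too short to contain an IV.");
            Buffer.BlockCopy(input, 0, iv, 0, iv.Length);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                byte[] pt = dec.TransformFinalBlock(input, iv.Length, input.Length - iv.Length);
                return Encoding.UTF8.GetString(pt);
            }
        }
    }

    // Round trip with a constructed sample password, to show the two directions.
    static void Main()
    {
        string stored = Encrypt("sample-ftp-password");   // what goes into appSettings
        Console.WriteLine(stored);
        Console.WriteLine(Decrypt(stored));                 // "sample-ftp-password"
    }
}
```

In practice the encrypted string is put into appSettings by a one-off helper and read back at runtime with `ConfigurationManager.AppSettings["FtpPassword"]` (the key name is assumed) before being passed to `Decrypt`; the rest of appSettings stays plain text and editable by hand, which is the requirement in the question. Because the password still travels in clear text over plain FTP, as the answer notes, using FTPS or SFTP does more for the credential than any amount of config encryption.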
+3  A: 

You can encrypt specific portions of the .config file - for example, the <connectionStrings> section. This could hold the FTP password (though it's not really a connection string), and you can leave the <appSettings> section unencrypted.

Update: If you can't use <connectionStrings> either, you can create your own custom section and encrypt that.

Most of the resources tell you to use the ASP.NET aspnet_regiis tool. Here's an article which talks about encrypting sections for C# Windows applications, where using ASP.NET is not an option.

Further update: In a comment, you said

This security is enough - it is a simple inside-company app and there's no need for very high security; I just don't want the password to lie there as plain text in the config file.

So then perhaps this solution would work for you.

Vinay Sajip
+1. Exactly what I was about to suggest!
Mitch Wheat
Still - it's the whole section. What if I need to store other connection strings that could be changed manually?
agnieszka
Yea. Or have a separate config file for the password - then you can do whatever you want to the file - encrypt it, hide it somewhere else, even change security privileges for the file if possible/workable. Depends if your app needs to be distributed. Ultimately though, these are all vulnerable in one way or another, so I'd suggest looking at a different protocol (maybe SFTP), filtering connections by IP at the server, or looking at a different approach to how your data is retrieved from the server.
Can I create my own config section? I've always thought that in a config file only certain specified sections are allowed.
agnieszka
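The custom-section approach from this answer and the follow-up comments, as an added example that is not code from the answer's author: a dedicated `ftpSettings` section holds only the FTP credentials, so it can be encrypted on its own while appSettings and connectionStrings stay editable. The class `FtpSettingsSection`, the section name `ftpSettings`, the assembly name `MyApp` and the attribute values are all assumed for the illustration. The encryption itself is done by the framework's protected-configuration providers; no key material is written into the application.

```csharp
using System;
using System.Configuration;

// Added example: a custom configuration section that can be protected independently.
//
// Assumed App.config for this class (MyApp is the assumed assembly name):
//
//   <configSections>
//     <section name="ftpSettings" type="FtpSettingsSection, MyApp" />
//   </configSections>
//   <ftpSettings host="ftp.example.internal" user="svc-download" password="plain-until-protected" />
//
// Custom sections are registered in <configSections>, which answers the question
// of whether anything beyond the predefined sections is allowed.
public class FtpSettingsSection : ConfigurationSection
{
    [ConfigurationProperty("host", IsRequired = true)]
    public string Host
    {
        get { return (string)this["host"]; }
        set { this["host"] = value; }
    }

    [ConfigurationProperty("user", IsRequired = true)]
    public string User
    {
        get { return (string)this["user"]; }
        set { this["user"] = value; }
    }

    [ConfigurationProperty("password", IsRequired = true)]
    public string Password
    {
        get { return (string)this["password"]; }
        set { this["password"] = value; }
    }
}

public static class FtpConfig
{
    // Built-in provider names from machine.config. The RSA provider is the one that
    // can be carried to other machines (its key container is exported/imported with
    // aspnet_regiis -px / -pi); the DPAPI provider is tied to the machine, which is
    // the limitation the question ran into.
    public const string RsaProvider = "RsaProtectedConfigurationProvider";
    public const string DpapiProvider = "DataProtectionConfigurationProvider";

    // One-off step, e.g. behind a setup/admin command-line switch: encrypts the
    // section in place and rewrites the exe's .config file.
    public static void ProtectFtpSection(string providerName)
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("ftpSettings");
        if (section == null)
            throw new ConfigurationErrorsException("ftpSettings section is missing.");

        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(providerName);
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Full);
        }
    }

    // Normal reads need no special code: the runtime decrypts the section on access.
    public static FtpSettingsSection Load()
    {
        var section = (FtpSettingsSection)ConfigurationManager.GetSection("ftpSettings");
        if (section == null)
            throw new ConfigurationErrorsException("ftpSettings section is missing.");
        return section;
    }

    static void Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "--protect-config")
        {
            ProtectFtpSection(RsaProvider);
            return;
        }
        FtpSettingsSection ftp = Load();
        Console.WriteLine("Connecting to {0} as {1}", ftp.Host, ftp.User);
        // ftp.Password is now available to the FTP client without appearing in clear text on disk.
    }
}
```

If the password should live in its own file, as the comment suggests, the section element can point at it with `<ftpSettings configSource="ftp.config" />` and the protection step then rewrites that file instead, leaving the main .config untouched. Whichever provider is used, the protection only covers the file on disk: the credential is still decrypted in the process and still sent in clear text by plain FTP, so the suggestion to move to SFTP or FTPS and to restrict the server by source IP stands regardless.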