Hi,

What is the best approach to secure winform data? In other words how to secure the data from hacking for winforms c# projects?

  1. There is a winform project with 25-30 forms. It stores data to the access DB.
  2. If I start writing encryption/decryption logic to all the forms it's going to take much time.
  3. Is there any .NET dll/technique which can auto-encrypt/decrypt before storing DB?
  4. Is there some efficient quick approach for this?

Thanks, Karthick

+2  A: 

As the comments have said, depends on what you're trying to secure.

If you're trying to secure access privileges, you could use Identity and Principals to determine thread based authentication, permissions and roles.

If you're storing sensitive strings in memory, use SecureString instead of regular strings.

If you are referring to preventing someone from "cracking" your software, employ obfuscation software to hinder any would-be attackers.

First you must define what area of security you are looking for, then it's just a matter of doing the research... or asking here!

Aequitarum Custos
A: 

So if I understand correctly you want the data encrypted when you put it into the database and decrypted when you get it out again?

Firstly it is important to know who you are protecting the data from. Other users of the app? External people that might get access to the physical machine?

You should also probably have your code structured so that all access to the database goes through a single data layer. Perhaps single class or group of classes that do all of the data access code. This would mean that adding encryption and decryption as data goes into and out of your database would not be needed for all of your forms.

On the encryption side of things, you need to determine what you will use as the keys to encrypt your data. The fastest, and probably easiest, way to encrypt the data is with DPAPI through the Protected Data class.

The protected data class would allow you to encrypt the data so that it can only be decrypted on the same machine it was encrypted on, and an additional value can be given so that only your app or something else that knows the extra value can decrypt it.

Another alternative may be to encrypt the entire database, though I am not sure what support Access has for this. Using the Encrypted File System and File.Encrypt might work if Access does not have anything built in.

These may or may not work for your scenario, it really depends on who you are trying to stop and how long you need to protect the data for.

Glenn Condron
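
The single data layer plus DPAPI approach from the answer above, as an added example that is not part of the original posts. `FieldProtector` and the entropy string are hypothetical names and constructed values; the code is Windows-only and needs a reference to `System.Security` (or the `System.Security.Cryptography.ProtectedData` package on newer .NET).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: forms call the data layer, the data layer calls this
// class, so none of the 25-30 forms contains encryption code.
static class FieldProtector
{
    // Assumption: app-specific extra value ("optional entropy"), constructed for
    // this example. It is not a key on its own: anyone who extracts it from the
    // binary and runs as the same user (or machine) can still decrypt.
    public static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("constructed-sample-entropy");

    // Returns Base64 so the protected blob fits a text column in the database.
    public static string Protect(string plaintext, DataProtectionScope scope)
    {
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] blob = ProtectedData.Protect(data, Entropy, scope);
        return Convert.ToBase64String(blob);
    }

    public static string Unprotect(string stored, DataProtectionScope scope)
    {
        byte[] blob = Convert.FromBase64String(stored);
        byte[] data = ProtectedData.Unprotect(blob, Entropy, scope);
        return Encoding.UTF8.GetString(data);
    }
}

static class Program
{
    static void Main()
    {
        // CurrentUser: only the same Windows user profile can decrypt.
        // LocalMachine: any process on this machine that knows the entropy can.
        var scope = DataProtectionScope.CurrentUser;

        string stored = FieldProtector.Protect("constructed sample value", scope);
        Console.WriteLine("Stored in DB: " + stored.Substring(0, 24) + "...");
        Console.WriteLine("Read back:    " + FieldProtector.Unprotect(stored, scope));

        // A caller that does not know the extra value cannot decrypt the field.
        byte[] wrong = Encoding.UTF8.GetBytes("some-other-value");
        try { ProtectedData.Unprotect(Convert.FromBase64String(stored), wrong, scope); }
        catch (CryptographicException) { Console.WriteLine("Wrong entropy: decryption refused."); }
    }
}
```

Because the key material is tied to the Windows user or machine, rows protected this way cannot be read after the database file is copied to another computer, which also means backups need a separate recovery plan.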