I am working on a winform application that uses a config file to connect to my server. Now I want to make the IP address of my server ecrypted. So I put the ip address in the appSettings section and encrypted it using DataProtectionConfigurationProvider. I do the ecnryption process during the installation/deployment process. I want to know the following: 1) Can anyone, the user, decrypt appSettings in the config file? 2) If tomorrow I planned to change the ip address of my server, is there a way to update that at the user side using a patch rather than sending a new release, build.
Asked
Active
Viewed 4,586 times
1
-
do users have access to that .config file..? if not why encrypt it..? if you want to encrypt do a google search on how to encrypt configuration sections in C# – MethodMan Dec 29 '12 at 06:30
-
Yes, they do have access to it. It has the address of my server. I do not want them to know the ip address of my server easily. – Emo Dec 29 '12 at 06:41
-
how is it that they have access to your .config file just curious – MethodMan Dec 29 '12 at 06:51
-
It is a configuration file that they get along with the .exe – Emo Dec 29 '12 at 06:55
-
I know how to do that! my questions were the following:1) Can anyone, the user, decrypt appSettings in the config file? 2) If tomorrow I planned to change the ip address of my server, is there a way to update that at the user side using a patch rather than sending a new release, build. – Emo Dec 29 '12 at 06:59
-
If the user does not know the seed or key that you use they can't decrypt it.. also I believe that you can add this in the Settings.settings at runtime they won't have access to it.. – MethodMan Dec 29 '12 at 07:01
-
I read that if you encrypt using DataProtectionConfigurationProvider, the key is stored somewhere in the machine,local authority ..., So I was wondering who has access to this directory, is it only my application? If I want to change something in it later on, can I do that by sending a patch to the user? – Emo Dec 29 '12 at 07:05
1 Answers
1
In answer to your questions:
- Yes, you user will likely be able to decrypt it. With that encryption provider the key is tied either to the machine or a particular user (depending on the settings used). That is, if it is machine level, anyone on that machine would be able to decrypt it. Move it to another machine the correct key will not be there decrypt it.
- Yes it is possible. Without knowing your situation, deployment, and update facilities, it is impossible to tell you how exactly to do this. You have two main options.
(1) Decrypt the section, make the change, then re-encrypt; this would probably done with aspnet_setreg.exe, if applicable.
Or (2) work directly with an API that allows editing and saving of the encrypted section such accessing the file with ConfigurationManager.OpenMappedExeConfiguration
vossad01
- 11,552
- 8
- 56
- 109