Encrypt - Decrypt
-
I have to give my connection string to the others so they can connect to my database. I understand that this is not secure, so I'm working on a new application that encrypts my connection string, gives it to the others, and decrypts it before connecting to my database. Of course I didn't show the result of decryption. I need a suggestion: what encryption is best for this problem? Thank you, Ahri
-
Midnight Ahri wrote:
i need a suggestion, what encryption is best for this problem?
The problem with encryption is that you have to provide a mechanism for your app to decrypt it. That means that there's a key to the vault, hanging next to the vault. If the database is running on their system, and is filled with their data, who would be the legal owner of the database? Your best option for security would be to provide only access to some web services, and not have the client interact with the database directly.
Bastard Programmer from Hell :suss: if you can't read my code, try converting it here[^]
-
Thank you for the reply. Let me explain my application with an easier example: I'm working on an address book application. I save telephone, name and address in my own database. I give this application to my friend, and he can save the data in his own database. My application can connect to his database (using his connection string & wifi) and I can access his address book, and also save it to my database.
Eddy Vluggen wrote:
and not have the client interact with the database directly.
Usually I was given a corporate project (all clients connect to the server), but this time I don't even understand why I'm given a project like this. And the worst one: the user should be able to read the encryption. I've tried googling, and I found some encryption that's impossible to read. X|
-
Midnight Ahri wrote:
i give this application to my friend, and he can save the data in his own database, my application can connect to his database (using his connection string & wifi) and i can access his address book, also save it to my database.
Aah, I misunderstood; you want to prevent users (like you) from reading other users' databases (like your friend's), correct? The database usually has a password, passed in the connection string. If the user could set his own password, you'd be out of trouble. Ask for the password on startup, and offer an option to "keep logged in", just like a webpage - that should do the trick.
Bastard Programmer from Hell :suss: if you can't read my code, try converting it here[^]
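As an added example (not code from this thread), one way to implement the suggestion above in C#, assuming SQL Server, Windows and the System.Data.SqlClient provider. The server, database, user and file names are placeholders; "keep logged in" stores the password with DPAPI, which ties it to the current Windows account instead of a key shipped inside the application.

```csharp
using System;
using System.Data.SqlClient;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class AddressBookLogin
{
    // Hypothetical location of the "keep logged in" blob (assumption, not from the thread).
    static readonly string SavedPath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "AddressBookExample", "login.bin");

    // The builder quotes every value, so a password containing ';' or '='
    // cannot smuggle extra keywords into the connection string.
    static string BuildConnectionString(string server, string db, string user, string password)
    {
        var b = new SqlConnectionStringBuilder {
            DataSource = server, InitialCatalog = db, UserID = user, Password = password,
            PersistSecurityInfo = false   // password is not readable from the open connection
        };
        return b.ConnectionString;
    }

    // Only the same Windows account can unprotect the blob; no key is stored by the app.
    static void SavePassword(string password)
    {
        Directory.CreateDirectory(Path.GetDirectoryName(SavedPath));
        File.WriteAllBytes(SavedPath, ProtectedData.Protect(
            Encoding.UTF8.GetBytes(password), null, DataProtectionScope.CurrentUser));
    }

    static string LoadPassword()
    {
        if (!File.Exists(SavedPath)) return null;
        try { return Encoding.UTF8.GetString(ProtectedData.Unprotect(
                  File.ReadAllBytes(SavedPath), null, DataProtectionScope.CurrentUser)); }
        catch (CryptographicException) { return null; }  // other account or damaged file
    }

    static void Main()
    {
        string password = LoadPassword();
        bool fromDisk = password != null, keep = false;
        if (!fromDisk)
        {   // A real UI would use a masked password box instead of the console.
            Console.Write("Database password: "); password = Console.ReadLine();
            Console.Write("Keep logged in? (y/n): "); keep = Console.ReadLine() == "y";
        }
        // "friend-pc", "AddressBook" and "ahri" are placeholder values.
        using (var conn = new SqlConnection(BuildConnectionString("friend-pc", "AddressBook", "ahri", password)))
        {
            try { conn.Open(); if (keep) SavePassword(password); Console.WriteLine("Connected."); }
            catch (SqlException) { if (fromDisk) File.Delete(SavedPath); Console.WriteLine("Login failed."); }
        }
    }
}
```

The password is saved only after a successful login, and a saved password that stops working is deleted so the next start prompts again.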
-
Thank you very much! :thumbsup:
-
Public key encryption solves the 'key in the vault' problem. Any situation where a key can't be exchanged securely offline first (which is most internet apps) means that you need a public key encrypted key exchange process to create an encrypted channel.