I have a client app that needs to save a username/password for an SMTP Server. This data will be going into SQL Server 2005, and consumed by my server app. The server app will use the System.Net.Mail namespace to send e-mail messages using the supplied credentials (and from that user's e-mail address). How can I encrypt/decrypt the password easily/securely so that I don't have plain-text passwords flying across the wire? Note that the client and server apps are NOT guaranteed to be on the same computer.
我有一个客户端应用程序需要保存SMTP服务器的用户名/密码。这些数据将进入SQL Server 2005,并由我的服务器应用程序使用。服务器应用程序将使用System.Net.Mail命名空间使用提供的凭据(以及该用户的电子邮件地址)发送电子邮件。如何轻松/安全地加密/解密密码,以便我没有通过网络传输的纯文本密码?请注意,客户端和服务器应用程序不保证在同一台计算机上。
1 个解决方案
#1
There is whole encryption namespace in .NET - System.Security.Cryptography (example) So you can encrypt/decrypt the data on the client.
.NET中有完整的加密命名空间 - System.Security.Cryptography(示例)因此,您可以加密/解密客户端上的数据。
Now how to store the key to the cipher. This can be stored in app.config encrypted as described here. Note though, that if the user has admin access to the machine, they can decrypt the keys stored in your app.config.
现在如何将密钥存储到密码。这可以存储在如此处所述加密的app.config中。但请注意,如果用户具有对计算机的管理员访问权限,则可以解密存储在app.config中的密钥。
#1
There is whole encryption namespace in .NET - System.Security.Cryptography (example) So you can encrypt/decrypt the data on the client.
.NET中有完整的加密命名空间 - System.Security.Cryptography(示例)因此,您可以加密/解密客户端上的数据。
Now how to store the key to the cipher. This can be stored in app.config encrypted as described here. Note though, that if the user has admin access to the machine, they can decrypt the keys stored in your app.config.
现在如何将密钥存储到密码。这可以存储在如此处所述加密的app.config中。但请注意,如果用户具有对计算机的管理员访问权限,则可以解密存储在app.config中的密钥。