How do I use a single db user for app securely


Greg McGuffey
Strategic Support Team Member (3.3K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
I woke up this morning with a horrible thought. So, in the InitApplication, the admin name and password, the security user name and password and the key for security are all set. All very easily accessible by decompiling the assembly. So, I must be missing something. How is this information secured in a Winform app? I'm guessing that .NET can't actually secure this and an obfuscator must be used.
Greg McGuffey
Highly recommended. I continue to learn and as you have seen here already the guys at SF are incredibly helpful.




Right, here goes my testimony ... put a soft song in the background.BigGrin




Thanks for the comments and encouragement from both Keith and Ivan. I'm seriously considering it. I contacted sales and got the details. I'm assuming that Ben, Trent and Steve actually teach this class right?
Trent Taylor
StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
You can use an obfuscator, but what we did for our medical system is create a dynamic password that goes through a series of prefixes (which are encrypted in the code) and then we just decrypt it when the app is loading.  This way it is not stored in the assembly as clear text.  For example, see a password example below:

' Decrypt the embedded value while the app loads, so the password is not stored as clear text.
Dim lo3DES As New MicroFour.StrataFrame.Security.Encryption.TripleDESWrapper()

SecurityBasics.AdministratorPassword = lo3DES.Decrypt("jCgs2890obI=")

To get the encrypted text we just wrote a simple little program that turns the text that we type in into the encrypted text.  We then copy that text and do whatever we want with it.

Greg McGuffey
OK, but don't you need to have a known key to do the encryption/decryption and isn't that key set in code as clear text? (the setsecuritykeyandvector...property) I know just enough to be dangerous when it comes to cryptography, but not enough to actually know anything :/



Ivan George Borges
Strategic Support Team Member (3.5K reputation)
Group: StrataFrame MVPs
Posts: 1.9K, Visits: 21K
"I'm assuming that Ben, Trent and Steve actually teach this class right?"

That's it Greg, these are the ones.

Trent Taylor
No...a key and vector are byte arrays, so you can store this anywhere in your app, and even have a method that obfuscates that array before it is passed over.  The sample I gave you uses the defaults, so they will not be visible, but there are definite ways to do this.  In our medical application we also tie in some additional hashes that are appended to the password....so it would take an extremely dedicated genius to crack the code Smile
Greg McGuffey
OK, to restate what's been said so far (mostly so I have it straight to update my boss, who will decide to actually buy StrataFrame):

1. Ton of ways to handle setting up data sources.
2. Sensitive strings can be encrypted within .net assembly, i.e. externally, encrypt them, then paste encrypted string with a call to decrypt it.
3. The keys are byte arrays, thus are not as easily read, they can be encrypted and salted (extra hashes) (I sort of know what that means).
4. For now, I can just use the default key provided by SF to start to figure this out.
5. I will continue to be able to get help here to figure this out
6. The upcoming class would really help me be much less clueless BigGrin

Trent Taylor
You got it BigGrin
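
The workflow discussed in this thread, as an added example that is not code from any poster or from StrataFrame: it uses the standard .NET TripleDES class in place of StrataFrame's TripleDESWrapper, with a constructed key, vector and password. The DPAPI functions (ProtectedData, which needs a reference to System.Security.dll on .NET Framework) are an alternative not mentioned in the thread, shown because they keep the key out of the assembly.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module EmbeddedSecretDemo
    ' Constructed sample key (24 bytes) and vector (8 bytes). In the scheme from the
    ' thread, byte arrays like these are compiled into the application.
    Private ReadOnly Key As Byte() = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24}
    Private ReadOnly Vector As Byte() = {8, 7, 6, 5, 4, 3, 2, 1}

    ' The "simple little program": run once by the developer, output pasted into source.
    Function EncryptForSource(plain As String) As String
        Using tdes As TripleDES = TripleDES.Create()
            Using enc As ICryptoTransform = tdes.CreateEncryptor(Key, Vector)
                Dim data As Byte() = Encoding.UTF8.GetBytes(plain)
                Return Convert.ToBase64String(enc.TransformFinalBlock(data, 0, data.Length))
            End Using
        End Using
    End Function

    ' What the application does while loading. Everything it needs is in the assembly,
    ' so anyone who can decompile the assembly can make the same call.
    Function DecryptAtLoad(cipherText As String) As String
        Using tdes As TripleDES = TripleDES.Create()
            Using dec As ICryptoTransform = tdes.CreateDecryptor(Key, Vector)
                Dim data As Byte() = Convert.FromBase64String(cipherText)
                Return Encoding.UTF8.GetString(dec.TransformFinalBlock(data, 0, data.Length))
            End Using
        End Using
    End Function

    ' DPAPI alternative: Windows holds the key, tied to the current user account, so the
    ' blob is created on the target machine. The logged-in user can still decrypt it.
    Function ProtectForUser(plain As String) As Byte()
        Return ProtectedData.Protect(Encoding.UTF8.GetBytes(plain), Nothing,
                                     DataProtectionScope.CurrentUser)
    End Function

    Function UnprotectForUser(blob As Byte()) As String
        Return Encoding.UTF8.GetString(
            ProtectedData.Unprotect(blob, Nothing, DataProtectionScope.CurrentUser))
    End Function

    Sub Main()
        Dim pasted As String = EncryptForSource("constructed-admin-password")
        Console.WriteLine("Embedded in source: " & pasted)
        Console.WriteLine("Recovered at load:  " & DecryptAtLoad(pasted))
        Console.WriteLine("DPAPI round trip:   " & UnprotectForUser(ProtectForUser("constructed-admin-password")))
    End Sub
End Module
```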