You got it

OK, to restate what's been said so far (mostly so I have it straight to update my boss, who will decide to actually buy StrataFrame):



1. Ton of way to handle setting up data sources.

2. Sensitive strings can be encrypted within .net assembly, i.e. externally, encrypt them, then paste encrypted string with a call to decrypt it.

3. The keys are byte arrays, thus are not as easily read, they can be encrypted and salted (extra hashs) (I sort of know what that means).

4. For now, I can just use the default key provided by SF to start to figure this out.

5. I will continue to be able to get help here to figure this out

6. The upcoming class would really help me much less clueless

No...a key and vector are byte arrays, so you can store this anywhere in your app, and even have a method that obfuscates that array before it is passed over.  The sample I gave you uses the defaults, so they will not be visible, but there are definite ways to do this.  In our medical application we also tie in some additional hashes that are appended to the password....so it would take an extremely dedicated genius to crack the code

That's it Greg, these are the ones.

OK, but don't you need to have a known key to do the encryption/decryption and isn't that key set in code as clear text? (the setsecuritykeyandvector...property) I know just enough to be dangerous when it come to cryptography, but no enough to actually know anything :/

You can use obfuscator, but what we did for our medical system is create a dynamic password that goes through a series of prefixes (which are encrypted in the code) and then we just decrypt it when the app is loading.  This way it is not stored in the assembly as clear text.  For example, see a password example below:

Dim lo3DES As New MicroFour.StrataFrame.Secuity.Encryption.TripleDESWrapper()

SecurityBasics.AdministratorPassword = lo3DES.Decrypt("jCgs2890obI=")

To get the encrypted text we just wrote a simple little program that turns the text that we type in into the encrypted text.  We then copy that text and do whatever we want with it.

Thanks for the comments and encouragement from both Keith and Ivan. I'm seriously considering it. I contacted sales and got the details. I'm assuming that Ben, Trent and Steve actually teach this class right?

I woke up this morning with a horrible thought. So, in the InitApplication, the admin name and password, the security user name and password and the key for security are all set. All very easily accessible by decompiling the assembly. So, I must be missing something. How is this information secured in a Winform app? I'm guessing that .NET can't actually secure this and an obfuscater must be used.

Right, here goes my testimony ... put a soft song in the background.

I attended the course as well, and I had 0% of knowledge in .NET

Only great things came out of it. I was introduced to the product not only by the developers, but by the questions the other attendees made. So, I can't say I know .NET yet, nor VB.NET, which I decided to use with a little push, but within a month I had an extremely professional application developed, all set with security, layers, integrated reports, in a way I wouldn't dream to have in years of developing myself.

It's a great jump start, that I can tell you.

Cheers.

I attended the class after evaluating SF for only a few days due to the timing of the class, I had until that point been 100% self taught in .NET, I didn't come back a pro, but I was definitely on the right track and was able to be productive with SF as soon as the plane hit the ground. Highly recommended. I continue to learn and as you have seen here already the guys at SF are incredibly helpful.

Keith Chisarik