How to secure a static string in a windows .net app?
We are preparing to deploy a Windows .NET client app that will make web service calls back to our central server. We've been given the requirement to validate that all calls made to the web service come from our client apps and not from any other caller. It's been proposed that we pass along a security token that is common to all installations of our application. However we now have this common string to secure within the application installation. Is there an effecti开发者_开发问答ve way to reasonably protect such a string from being discovered by a hacker?
Thanks for any and all advice.
- Use
SecureString
to deal with the token at all times. This way it will be a lot harder to retrieve the token from the memory. - Store the token as a connection string in
app.config
and encrypt the 'connectionStrings' section. This way the token will be secured from anyone except the user's account (through DPAPI). - Use
SslStream
to do the client-service communications. This way, your connection will be both encrypted. Coupled with the token, your communications will now be both authenticated (i.e. you know your client) and secured.
Authentication and Authorization in WCF Services - Part 1
It's called public key encryption.
- your app send its public key to the server
- server gives back encrypted string that must be added to some prefix
- your app asks the server his public key
- you app decrypts the string, add the prefix
- encrypts with the server public key
- send the key to the server
- server validates
If the hacker knows your prefix that is in your binary file it wont know the suffix that the server provides, and wont be able to decrypt what you send back to the server because the hacker doesn't have the servers private key. Vulnerability is that the hacker could extract the private key in the app to decrypt the suffix. But the server can change that every few seconds if required or it can be timedependent. However time dependent can be exploited, it is better to have a variable time dependent suffix change if you choose this. At some point and with a lot of effort and a supercomputer at disposal the hacker could hack that too, by searching for a key that can decrypt all of the resulting strings that are sent back, that is why you should not generate random suffixes on the server but recycle few of them.
If you think that is too much work, you could use SecureString and encrypted connection strings. But that sure is hackable with some time at disposal because everything needed is on client side, and the hacker does not need x*2 bruteforce decrypt-ions..
精彩评论