Archives
-
DevDays: Deploying Application Secrets
One question that I didn't have time to address during the OpenHack talk is how the encrypted encryption key, the entropy for the DPAPI calls and the connection string to access the Awards database are encrypted and stored in the registry.
-
Speculating On Indigo, again
Time for me to start my next round of Indigo speculations.
-
Jeff's looking for the web services dial tone
-
DevDays: Restricting access to IIS websites.
One of the questions that came up after the Open Hack session in Houston was how do I restrict access to IIS once I detected an attack from a specific IP address?
-
DevDays: A simple way to configure a domain account to access the database
The web track sessions at DevDays highlights how important it is to access SQL Server using a trusted connection. However, the OpenHack sample application “cheats” because the web site and the database run on the same machine and you can simply configure the ASPNET account in the database.
-
DevDays: OpenHack and encrypting the encryption key
If you take a look at the code for the Open Hack application, you may notice that sensitive information is encrypted using an application specific encryption key, but the sensitive information in the registry is encrypted using the DPAPI functions.