Browse by Tags

All Tags » DevDays (RSS)

DevDays: Deploying Application Secrets by ChristophDotNet

One question that I didn't have time to address during the OpenHack talk is how the encrypted encryption key, the entropy for the DPAPI calls and the connection string to access the Awards database are encrypted and stored in the registry. I mentioned...
Filed under: ,

DevDays: Restricting access to IIS websites. by ChristophDotNet

One of the questions that came up after the Open Hack session in Houston was how do I restrict access to IIS once I detected an attack from a specific IP address? On a server OSs you can "lock out" requests coming in from specific IP addresses or subnets...
Filed under: ,

DevDays: A simple way to configure a domain account to access the database by ChristophDotNet

The web track sessions at DevDays highlights how important it is to access SQL Server using a trusted connection. However, the OpenHack sample application “cheats” because the web site and the database run on the same machine and you can simply...
Filed under: ,

DevDays: OpenHack and encrypting the encryption key by ChristophDotNet

If you take a look at the code for the Open Hack application, you may notice that sensitive information is encrypted using an application specific encryption key, but the sensitive information in the registry is encrypted using the DPAPI functions. Now...
Filed under: ,
More Posts