I just finished up my first week of doing MSDN security briefings for Microsoft. I had a great time with the audiences in Albany, NY and Staten Island, NY. Both audiences were very attentive and asked some great questions. I’m looking forward to this week’s talks in Roanoke, VA, and Charlottesville, VA on Tuesday and Thursday of this week. So if you’re in those areas, and want to learn more about what you can do as a developer to create more secure applications, sign up, and come on down!
Coincidentally, I noticed that my fellow ASPInsider, Paul Glavich, has cobbled together a managed wrapper library for using DPAPI from within managed code. DPAPI is a Win32 encryption library that’s included with later versions of Windows, and we demonstrate using it for encrypting connection strings in the second of the two sessions I give. Here’s Paul’s announcement:
I have written a DPAPI Managed wrapper that was pretty much taken from MSDN examples and had some extra functions added for ease of use (EncryptString, DecryptString). It uses an attribute mechanism to sandbox calls to the unmanaged functions/libraries.
The library can be found here, including full source code.
No big deal but it works well, nothing fancy, although there are rumours it can grow back amputated limbs, however I cannot confirm or deny this... ;-)
I haven’t used Paul’s library, but I know that DPAPI is a great tool for encrypting those secrets that you have to store (rule #1 of secrets…don’t store a secret if you don’t have to), so you may want to take a look.
More upcoming events I’ll be presenting in this series:
3/22 – Akron, OH
3/25 – Butler, PA (Pittsburgh area)
4/13 – Uniondale, NY
4/15 – Rochester, NY
4/20 – Pensacola, FL
4/22 – Fort Walton Beach, FL
4/27 – Portland, ME
4/29 – Bangor, ME
5/11 – Cumberland, MD
5/12 – Hagerstown, MD
5/13 – Baltimore, MD
5/18 – Richmond, VA
5/19 – Norfolk, VA
6/1 – Allentown, PA
6/2 – North Brunswick, NJ
I’ll get links up for the later events as soon as they’re available…if you’re in one of those areas, please sign up and spend the afternoon learning about developer security.