First week of MSDN Security Goodness

Posted Monday, March 15, 2004 9:48 AM by G Andrew Duthie

I just finished up my first week of doing MSDN security briefings for Microsoft. I had a great time with the audiences in Albany, NY and Staten Island, NY. Both audiences were very attentive and asked some great questions. I’m looking forward to this week’s talks in Roanoke, VA, and Charlottesville, VA on Tuesday and Thursday of this week. So if you’re in those areas, and want to learn more about what you can do as a developer to create more secure applications, sign up, and come on down!

Coincidentally, I noticed that my fellow ASPInsider, Paul Glavich, has cobbled together a managed wrapper library for using DPAPI from within managed code. DPAPI is a Win32 encryption library that’s included with later versions of Windows, and we demonstrate using it for encrypting connection strings in the second of the two sessions I give. Here’s Paul’s announcement:

I have written a DPAPI Managed wrapper that was pretty much taken from MSDN examples and had some extra functions added for ease of use (EncryptString, DecryptString). It uses an attribute mechanism to sandbox calls to the unmanaged functions/libraries.

The library can be found here, including full source code.

No big deal but it works well, nothing fancy, although there are rumours it can grow back amputated limbs, however I cannot confirm or deny this... ;-)

[Paul Glavich

I haven’t used Paul’s library, but I know that DPAPI is a great tool for encrypting those secrets that you have to store (rule #1 of secrets…don’t store a secret if you don’t have to), so you may want to take a look.

More upcoming events I’ll be presenting in this series:

3/22 – Akron, OH
3/25 – Butler, PA (Pittsburgh area)
4/13 – Uniondale, NY
4/15 – Rochester, NY
4/20 – Pensacola, FL
4/22 – Fort Walton Beach, FL
4/27 – Portland, ME
4/29 – Bangor, ME
5/11 – Cumberland, MD
5/12 – Hagerstown, MD
5/13 – Baltimore, MD
5/18 – Richmond, VA
5/19 – Norfolk, VA
6/1 – Allentown, PA
6/2 – North Brunswick, NJ

I’ll get links up for the later events as soon as they’re available…if you’re in one of those areas, please sign up and spend the afternoon learning about developer security.

Filed under: , , ,

Comments

# re: First week of MSDN Security Goodness

Monday, March 15, 2004 10:21 AM by Doug Reilly

Well, I look forward to the June 2nd North Brunswick briefing! I have added it to Outlook to remind me to register (about a month in advance should be OK, correct? That session does not have registration info yet).

# re: First week of MSDN Security Goodness

Monday, March 15, 2004 10:57 AM by Greg Robinson

Will be in Charlottesville

# re: First week of MSDN Security Goodness

Monday, March 15, 2004 11:10 AM by Scott

We wil have to get together when you are in North Brunswick. Its about 5 minutes from my house.

-Scott

# re: First week of MSDN Security Goodness

Tuesday, March 16, 2004 4:13 AM by Paul Murphy

Well done!

# re: First week of MSDN Security Goodness

Friday, March 19, 2004 3:33 PM by J. Ambrose Little

I haven't looked at his, but I was going to write one that follows the code library design guidelines (particularly taking out the all-caps stuff and maybe stuffing the constants into an enum). Did he do that?

Always ironic when MS doesn't follow their own guidelines. :-)

# re: First week of MSDN Security Goodness

Friday, March 19, 2004 3:43 PM by G. Andrew Duthie

Ambrose,

I don't know what Paul's library looks like, as I've not looked at it yet. I just wanted to give folks a heads up, since I know that it's a 'good thing' to be able to access DPAPI from managed code.

# re: First week of MSDN Security Goodness

Sunday, April 11, 2004 12:15 AM by Terri Morton

Andrew, I am looking forward to your visit to Allentown, PA. I'll be on the lookout for registration to open.

Leave a Comment

(required) 
(required) 
(optional)
(required)