Contents tagged with DevDays
- 
DevDays: Deploying Application SecretsOne question that I didn't have time to address during the OpenHack talk is how the encrypted encryption key, the entropy for the DPAPI calls and the connection string to access the Awards database are encrypted and stored in the registry. 
- 
DevDays: Restricting access to IIS websites.One of the questions that came up after the Open Hack session in Houston was how do I restrict access to IIS once I detected an attack from a specific IP address? 
- 
DevDays: A simple way to configure a domain account to access the databaseThe web track sessions at DevDays highlights how important it is to access SQL Server using a trusted connection. However, the OpenHack sample application “cheats” because the web site and the database run on the same machine and you can simply configure the ASPNET account in the database. 
- 
DevDays: OpenHack and encrypting the encryption keyIf you take a look at the code for the Open Hack application, you may notice that sensitive information is encrypted using an application specific encryption key, but the sensitive information in the registry is encrypted using the DPAPI functions.