Mark
Thu Nov 03 03:59:43 CST 2005
.NET 1.1 has some secure string memory spaces, that said - I know nothing
about where you would find them as I dont particually use .NET.
To be most secure you would encrypt your password using PKE - there arnt
really any other ways - everything else is vunerable and there will always
be a way to intercept it.
In short, due to the nature of the operating system... No, there is no
absolute 100% way to do this. When the file resides on a computer outside of
your control you can only attempt 'best bet' and take into account the time
it takes you to try and secure every vector you could probably add a lot
more functionality to your products.
--
- Mark Randall
http://zetech.swehli.com
"Those people that think they know everything are a great annoyance to those
of us who do"
Isaac Asimov
"John" <johnli1995@hotmail.com> wrote in message
news:47F9f.8666$7h7.6929@newssvr21.news.prodigy.com...
> Hi,
>
> I want to design a secure mechanism to pass username/password from one
> process to another, but won' t use shared public key to inside source
> code for encryption / decryption due to its obviouse security hole, anyone
> who can access srouce code know the key.
>
> several approaches conceiving now:
> 1. pass as command line argument in win32 use CreateProcess(). There is
> security hole here.
> 2. use shared memory for IPC. but looks like we never previent 3rd party
> to process to break into shared memory if its name is known. Same thing
> even we use public key, however the key cannot be safely passed to another
> process.
> 3. ... what else...
>
> Is there any standard way to handle such things?
>
> Thanks very much!
>
> -John
>