codingdir logo sitemap sitemap |
Home
PHP
C#
C++
ANDROID
JAVA
JAVASCRIPT
PYTHON

Least worst option to secure database connection string for distributed wpf application to users with local admin rights


By : , Category : c#

You are right: you cannot prevent a determined local admin to get access to this database.

Here's what I -- as a determined user -- would do (I have done it in the past with other programs): I would attach a debugger to the running process and look at the memory to find the plain connection string (of course I am simplifying -- but it works).

Another option would be to use the debugger to hijack your IDbCommand objects to execute arbitrary SQL code, no need for me to find the connection credentials, your application manages the connection for me.

So it really comes down to: how competent and determined are your users? how important is your database? how determined are you? It's the classical hacker trade-off: how much effort do you want to put into this to discourage your users from cracking your app, knowing that in the end it's always technically possible to crack it?

The bare minimum I would do:

  1. Encrypt the raw connection string. You have covered this part.

  2. Maybe do the encryption in code rather than rely on the built-in app.config section encryption. The problem with the built-in one is that it's self-documenting. People with .net knowledge will know just by reading it how it's encrypted. The security is provided by securing the keys, but they can't really be hidden from a local administrator. There's even a command-line tool to decrypt the section (if you pass the correct keys)! Performing the decryption in code makes it less obvious which algorithm you're using and needs more work to actually decrypt it. NOTE: you should still use a strong cryptography provider such as those you've mentionned. I am not saying that you should invent your own cryptographic cipher, rather than you may hide the cipher you use in the program itself rather than the config file.

  3. Obfuscate the compiled assembly. Otherwise it's just to easy to open it up in a tool such as IlSpy, and even modify it (e.g. to dump the plain connection string).

  4. Add some debugger traps to prevent attaching a debugger to your process.

Note that both 3. and 4. would be more efficient with a mixed mode assembly (one that contains native code as well as managed code).

This is a start. Maybe other people will have more ideas.


Of course this was just the application side. The embedded database should be appropriately protected as well. It should be encrypted to start with.

ReLated :

If you use somekind of specific authentication tools like Devise for ex. then I suggest implementing authorization solution with cancancan gem. You have a specific ability file there under your models directory where you can declare access-rights for different user roles.

Makes your future code much cleaner and easier to read also.

###EDIT:

As previous answer points out then there is also a CanCan gem but as much as I know then it is not supported in Rails4. While writing this answer, CanCanCan build-status in github is marked as failing but I've been using it for a long time now in my projects and I'm happy :)

###

ability.rb example:

def secretary_abilities
  can [:create, :read, :update], Person
end

def superadmin_abilities
  # superadmin can do everything that secretary can
  secretary_abilities
  # ...and can also do destructive actions
  can [:destroy], Person
end

After that you can add checks into your views like this:

<% if can? :show, Person %>
  <%= link_to 'Show', person_path(@person) %>
<% end %>

You can inherit from authorizeattribute and override authorizecore, then just decorate your controller and/or methods with the attribute to handle this scenario. For instance:

public class PageAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (/*Rolemanager check*/) {
            return true;
        }
        return false;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            {"action", "PageDenied"}
            ,
            {"controller", "Authorization"}
        });
    }
}

You can use the httpContext.User.Identity.Name for checking the username.

[PageAuthorize]
public class PageController : Controller
{}

Create in sql windows authentication to server authentication then you can add username and password then you can secure your database

If you are worried about the users using such advanced techniques as LINQPad or Powershell to read the config file, there is really nothing that can be done aside from embedding the connection string inside the assembly and obfuscate it - and even this can be circumvented.

What you should do is get all the database logic and put it in a WebService, on a separate server - and modify the application to access the database via the WebService. If you did it The Right Way (TM) than it is easy as swapping the "Database Access Layer" with a "Service Access Layer". This way you can authenticate each one with a custom password, and then if someone plays around with it you will have a log of who did what and when.

Liability is a powerful deterrent.

Comments


Message :
Login to Add Your Comments .
How to disable registered OpenCL platforms on Windows?
Is Observable broken in Angular 2 Beta 3?
Cross-thread operation not valid when using Invoke
How to pass an IEnumerable or queryable list of properties from Controller to View
Finding numbers after a certain keyword using Python
Pocketsphinx recognizes random phrases in a silence
Passing non-thread-safe objects through thread-safe containers
React scroll nav
BizTalk WCF-BasicHttp Adapter does not allow Empty string for Service Certificate Props
Why property ''cause" of Exception is repeating forever?
Privacy Policy 2017 © codingdir.com All Rights Reserved .