Pedro Luz

Hi everybody

I'm kind of new to C# and Visual C#... I was wondering... How safe it is to save information in the Project.Properties.Settings It's safe to save critical information like user names, passwords, emails, or it's better to use another way to save that kind of information and just use the Settings for low level information


thanks Smile


Re: Visual C# General Project.Properties.Settings, How safe it is????

Peter Ritchie

Depends on what your criteria for "safe" is. The information in user.config files isn't encrypted by default. The default information will be stored in app.config. When you save user-specific information, it's stored in a subdirectory of

C:\Documents and Settings\username\Local Settings\Application Data depending on OS--which will be only accessible by that user and administrators, depending on the OS and whether you've formatted the hard drive as NTFS.




Re: Visual C# General Project.Properties.Settings, How safe it is????

Martin Platt

I assume you mean the application settings class

The settings class in .NET is reasonably secure, as a quick solution, you can turn protection on for the settings class, which will encrypt the contents for you. However, if you had an asymmetric algorithm, with something like a certificate, it is more likely to be even more secure.

I guess really the whole answer to the question is, how secure does it need to be Are you doing CAS, strong names and such like to make the rest of the solution secure If you're not then the settings are definitely not going to require that level of effort, as they won't be the weakest link.

If there's anything else you need answering, please shoot another post out!

Good luck,

Martin.






Re: Visual C# General Project.Properties.Settings, How safe it is????

OmegaMan

Peter Ritchie wrote:

Depends on what your criteria for "safe" is. The information in user.config files isn't encrypted by default. The default information will be stored in app.config.



One can keep all information in the configuration file but encrypt it. It can be done letting the framework do it for you.1 The ASP.Net process can be used to encrypt sections in the app.config in place. Let me quote from the section Encrypting Configuration File Sections Using Protected Configuration

"ASP.NET 2.0 provides a new feature, called protected configuration, that enables you to encrypt sensitive information in a configuration file. Although primarily designed for ASP.NET, protected configuration can also be used to encrypt configuration file sections in Windows applications."2




Re: Visual C# General Project.Properties.Settings, How safe it is????

Peter Ritchie

OmegaMan wrote:
Peter Ritchie wrote:

Depends on what your criteria for "safe" is. The information in user.config files isn't encrypted by default. The default information will be stored in app.config.



One can keep all information in the configuration file but encrypt it. It can be done letting the framework do it for you.1 The ASP.Net process can be used to encrypt sections in the app.config in place. Let me quote from the section Encrypting Configuration File Sections Using Protected Configuration

"ASP.NET 2.0 provides a new feature, called protected configuration, that enables you to encrypt sensitive information in a configuration file. Although primarily designed for ASP.NET, protected configuration can also be used to encrypt configuration file sections in Windows applications."2




Re: Visual C# General Project.Properties.Settings, How safe it is????

Pedro Luz

hi,

thanks alot for all the fast replies Smile

After reading all the replies... i think that Properties.Settings... are just a very small step in front of the ancient (B.C) INI files.
Since i dont user asp.net.. and im not going to use it just for encription in c#... i'll try to search for a better way to save the critical information.

Thanks Smile