
I'm having to store a user account locally on a machine, what would be the best method to store this? (Needs to be reversible encryption rather than a hash)

I'm accessing a UNC share as mentioned here: Accessing UNC Share from outside domain for file transfer

Using this suggested method: http://www.codeproject.com/KB/IP/ConnectUNCPathCredentials.aspx

This will be an automated process so no option of human entered credentials. I'm currently encrypting the details and storing them in the registry using TripleDES:

http://www.devarticles.com/c/a/VB.Net/String-Encryption-With-Visual-Basic-.NET/4/

With the key and initialization vector hard coded within the application.

Can anyone suggest a better method or changes to the above to secure the credentials as much as possible?

[image: infrastructure diagram, added to the question by the asker]

madlan

1 Answer


You never ever need to store user credentials. If your process needs to access a network share then it should be run under proper credentials, using runas or service account properties. If the network credential is not in the local/current domain it should use runas /netonly. And that's all there is to it, no excuses, no exceptions.

As a side note, Windows applications store secrets locally using DPAPI, exposed in .Net as the ProtectedData class. The link has fully functional examples of encrypting data with DPAPI in .Net. However, the point remains that storing user credentials in applications, even under DPAPI, is fundamentally broken.

Remus Rusanu
  • My app is being called by an FTP program. When an upload completes the file is moved into the domain. I'm using WNetUseConnection to pass credentials (an account created locally on the server hosting the share within the domain). – madlan Nov 03 '10 at 00:33
  • I cannot impersonate a user via runas or as a service as there is no DC to authenticate against. The only option is to pass credentials to login to the UNC share. – madlan Nov 03 '10 at 00:34
  • `runas /netonly` does **not** require a DC. – Remus Rusanu Nov 03 '10 at 00:40
  • Hi Remus, Examples of runas seem to require the credentials to be stored locally: http://www.codeproject.com/KB/cs/runas.aspx Do you have any examples of using runas /netonly without the need? – madlan Nov 03 '10 at 11:49
  • I've updated the question with an image of the infrastructure I'm working with. – madlan Nov 03 '10 at 17:53
  • Add the FTP server to the domain, develop your VB app as a service (http://msdn.microsoft.com/en-us/library/zt39148a%28v=VS.100%29.aspx), install your service on the FTP server to run as a domain account. – Remus Rusanu Nov 03 '10 at 18:08
  • Just to be clear: the root of your problems is the FTP server being out of the domain. This arrangement does not make your deployment more secure, it makes it *less* secure exactly because of the problem you're running into: the FTP server needs to store credentials in order to access anything in the domain. This requirement cascades to every process/app on the FTP server, and every app/script/service needs to store these credentials *somewhere*. Some will store it securely, some not so. Ultimately, by having the FTP server out of the domain, you end up with passwords all over the place. – Remus Rusanu Nov 03 '10 at 18:14
  • Thanks Remus, I was told the FTP server would not be part of the domain for security reasons - apparently more secure being behind a firewall and in a workgroup. – madlan Nov 03 '10 at 22:09
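The DPAPI approach the answer mentions as a side note, written out as an added C# example that is not code from the question, the answer, or the linked articles. It replaces the question's scheme (TripleDES with the key and IV hard-coded in the application, ciphertext in the registry) with ProtectedData, so there is no key in the binary for anyone with a copy of the application to recover. The registry path, value name and entropy string are assumed placeholders, and the credential in Main is constructed for the demonstration.

```csharp
// Added example: store and retrieve a share credential with DPAPI
// (System.Security.Cryptography.ProtectedData) instead of TripleDES with a
// hard-coded key. Windows only; on .NET Core/5+ add the
// System.Security.Cryptography.ProtectedData package.
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;

static class CredentialStore
{
    // Assumed placeholder names; choose your own.
    const string RegistryPath = @"Software\ExampleApp";
    const string ValueName = "ShareCredential";

    // Optional extra entropy mixed into DPAPI's key derivation. It is NOT a
    // secret key like the hard-coded TripleDES key: any process running as the
    // same Windows account can still call Unprotect if it knows this value.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp-v1");

    public static void Save(string userName, string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(userName + "\n" + password);
        // CurrentUser scope: only processes running as the account that called
        // Protect (on this machine, or with a roaming profile) can decrypt.
        // LocalMachine scope would let every local process and user decrypt.
        byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(plain, 0, plain.Length);
        using (RegistryKey key = Registry.CurrentUser.CreateSubKey(RegistryPath))
        {
            key.SetValue(ValueName, blob, RegistryValueKind.Binary);
        }
    }

    public static bool TryLoad(out string userName, out string password)
    {
        userName = null;
        password = null;
        RegistryKey key = Registry.CurrentUser.OpenSubKey(RegistryPath);
        if (key == null) return false;
        using (key)
        {
            byte[] blob = key.GetValue(ValueName) as byte[];
            if (blob == null) return false;
            try
            {
                byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
                string[] parts = Encoding.UTF8.GetString(plain).Split(new[] { '\n' }, 2);
                Array.Clear(plain, 0, plain.Length);
                if (parts.Length != 2) return false;
                userName = parts[0];
                password = parts[1];
                return true;
            }
            catch (CryptographicException)
            {
                // Blob was protected by a different account or machine, or is
                // corrupt: DPAPI refuses to unwrap it. Treat as "nothing stored".
                return false;
            }
        }
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample credential for the local account on the share host.
        CredentialStore.Save(@"SHAREHOST\ftpmove", "example-password");

        string user, pass;
        if (CredentialStore.TryLoad(out user, out pass))
        {
            // Hand user/pass to WNetUseConnection here, then clear them.
            Console.WriteLine("Loaded credential for " + user);
        }
        else
        {
            Console.WriteLine("No usable credential stored for this account.");
        }
    }
}
```

Two caveats follow from the scope choice. Save and TryLoad must run under the same Windows account (the one the FTP program launches the application as), otherwise Unprotect fails with a CryptographicException; running Save interactively as an administrator and then reading as a service account does not work. And, as the answer stresses, this only removes the hard-coded key: anything that can execute code as that account can still recover the password, so the structural fix remains joining the FTP server to the domain and running the mover as a service under a domain account.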