This question is somewhat similar to this I think: What is the use of Default Issuer and Default Key in Windows Azure Service Bus? Does the key need to be secured?
I have a PC application in which I want to access "Azure Storage Tables" and "Azure Service Bus Topics". Both are accessed through the use of an "Access Key". (This is by design by Microsoft.) Right now the access key is embedded in my .NET code. I estimate that it'll take about 5 min to decompile the .NET assembly, pull out the access key and gain full access to the storage and service bus namespace. In case I want to prevent users from gaining full access to my data, how do I protect it?
- Instead of a .NET assembly I could build an unmanaged dll? In that case it'll take 10 min to break.
- I could encrypt the access key with a custom password and store in on disk or in cloud. In that case it'll still take ~10 min to decompile and break, assuming that the user has access to the custom password.
- I could create separate storage accounts for all users. That way if one account is compromised (by the user) he'll only have access to his own account. This prevents concepts like "shared system data" though. And I'm not sure that I have an infinite number of storage accounts. (Right now it says max 20 in my portal.)
- I could obfuscate the .NET assembly? I have a strong dislike to obfuscating .NET assemblies though. It brings along a lot of extra issues usually. And I'm guessing that you can still pull out the key through a memory debugger.
How do you usually protect this kind of "system account access"?
