ASP.Net, MSDE, and Windows XP Encryption
When it comes to .Net and Windows XP Encryption, don't do it.
Here at work we are very concerned about data security. A recent issue that came up was the security of business data that was stored on laptops and home computers.
In the past, I would archive the files I need and copy them onto a USB key or CDRW so I could bring them home and work on them. Then, when I'm ready to work at home or on my laptop, I restore the archive to my hard drive and I'm good to go.
In an attempt to be a 'secure' employee, I began password protecting my archives. Winrar is a really good tool for this, since it also 128-bit encrypts the entire archive when it is password protected. Then, using Windows XP file encryption, I encrypted my working folder. Here's where the problems started.
First, MSDE (MS SQL Server Developer Edition) could not read the encrypted data files. I thought perhaps SQL Server had just gotten confused, so I detached the database with the attention of attaching it again. However, SQL server could not attach to the encrypted database (if I remember correctly, it told me that it was an invalid .mdf file). As soon as I unencrypted the data files, SQL Server attached it without complaint.
Second, when I tried to run my ASP.Net application, I kept getting an error that said access was denied to one of the assemblies that I had written. It turned out that it couldn't read the encrypted .dll files. Once I unencrypted my work folder, everything worked out great.
So, to sum it all up, when you are working with MSDE and ASP.Net, don't use Windows XP file encryption.
Here at work we are very concerned about data security. A recent issue that came up was the security of business data that was stored on laptops and home computers.
In the past, I would archive the files I need and copy them onto a USB key or CDRW so I could bring them home and work on them. Then, when I'm ready to work at home or on my laptop, I restore the archive to my hard drive and I'm good to go.
In an attempt to be a 'secure' employee, I began password protecting my archives. Winrar is a really good tool for this, since it also 128-bit encrypts the entire archive when it is password protected. Then, using Windows XP file encryption, I encrypted my working folder. Here's where the problems started.
First, MSDE (MS SQL Server Developer Edition) could not read the encrypted data files. I thought perhaps SQL Server had just gotten confused, so I detached the database with the attention of attaching it again. However, SQL server could not attach to the encrypted database (if I remember correctly, it told me that it was an invalid .mdf file). As soon as I unencrypted the data files, SQL Server attached it without complaint.
Second, when I tried to run my ASP.Net application, I kept getting an error that said access was denied to one of the assemblies that I had written. It turned out that it couldn't read the encrypted .dll files. Once I unencrypted my work folder, everything worked out great.
So, to sum it all up, when you are working with MSDE and ASP.Net, don't use Windows XP file encryption.
posted by Ed M. at
8:28 AM
0 Comments:
Post a Comment
<< Home