Asp - AES Encryption And Key Storage?

Jan 10, 2010

A few years ago, when first being introduced to ASP.net and the .NET Framework, I built a very simple online file storage system.This system used Rijndael encryption for storing the files encrypted on the server's hard drive, and an HttpHandler to decrypt and send those files to the client. Being one of my first project with ASP.net and databases, not understanding much about how the whole thing works (as well as falling to the same trap described by Jeff Atwood on this subject), I decided to store freshly generated keys and IVs together with each file entry in the database.

To make things a bit clearer, encryption was only to protect files from direct access to the server, and keys were not generated by user-entered passwords. My question is, assuming I don't want to keep one key for all files, how should I store encryption keys for best security? What is considered best practice? (i.e: On a different server, on a plain-text file, encrypted). Also, what is the initialization vector used for in this type of encryption algorithm? Should it be constant in a system?

View 2 Replies


Similar Messages:

Security :: Encryption Algorithm - Encryption Of Data Required In The Coding?

Sep 16, 2010

Not sure if I'm posting the question in the right category.

1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.

I'm using TCP/IP protocol.

2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?

View 3 Replies

Database Encryption Or Application Level Encryption?

Oct 23, 2010

When you need to store sensitive data such as CCs or SSNs, do you:1) Build your own encryption routine within the application, define a secret key somewhere in a config file, and then manually encrypt/decrypt data going to the database.2) Push all the problem to the database, using the built in DB capabilities (I think most vendors call it Transparent Database Encryption).What trade-offs have you find for your solution? Does writing your own routine perform poorly when compared to TDE? Is code maintainability, or conversely DB vendor lock-in an issue?

View 3 Replies

Photo Storage For Web App?

Dec 26, 2010

User images - database vs. filesystem storage

Where should i store photos for a facebook-like app ? locally on the server in a folder or upload them to a database ? I am not intending to make this app commercial .

View 2 Replies

Php - Image Storage And CDN For Websites?

Oct 13, 2010

Currently I am looking to move my websites images to a storage service. I have two websites developed in PHP and ASP.NET.

Using Amazon S3 service we can host all our images and videos to serve web pages. But there are some limitations using S3 service when we want to serve images.

If website needs different thumbnail images with different sizes from original image, it is tough. We have again need to subscribe for EC2 also. Though the data transfer from S3 to EC2 is free, it takes time for data transfer before processing image resize operation. Uploading number of files in zip format and unzipping in S3 is not possible to reduce number of uploads. Downloading multiple files from S3 is not possible in case if we want to shift to another provider. Image names are case sensitive in S3. Which will not load images if image name does not match with request. Among all these first one is very important thing since image resize is general requirement. Which provider is best suitable to achieve my goal. Can I move to Google AppEngine only for the purpose of image hosting or is there any other vendor who can provide above services?

View 3 Replies

Not Enough Storage Is Available To Process This Command?

Feb 2, 2011

Im using Visual studio 2008 in a Windows 7 (32 bit) operating system. Ive just started getting this error message randomlyNot enough storage is available to process this commandIve googled the message and it seems like the solution is to increate the amount of RAM visual studio usesIve tried to follow the instructions herehttp://stevenharman.net/blog/archive/2008/04/29/hacking-visual-studio-to-use-more-than-2gigabytes-of-memory.aspxbut when I try to use bcdedit, I get this errorboot configuration data store could not be opened access is deniedso I tried the suggestion herehttp://social.answers.microsoft.com/Forums/en-US/w7repair/thread/9e995bc8-141c-4ed0-9b17-2dbe92369202Im confused by this linec. At the command prompt, the following line, and then press ENTER:bcdedit /set {current} Description "name you want"and press Enter.

View 7 Replies

Architecture :: Document Storage And Retrieval

Dec 21, 2010

In our organization we had to write code to store and retrive documents in many apps. Now I would like to write a service/library that can be used my other devs. Not sure how to start about that? What should be my first step.

View 5 Replies

How To Scale Document Storage System

Feb 1, 2011

I maintain a web application (ASP.NET/IIS7/SQL2K8/Win2K8) that needs to access documents, actually hundreds of thousands of documents, and growing. Currently, they are all on a Windows 2K8 Server fileshare, being accessed by UNC path (SMB). The files are in a single flat directory and I'm trying to plan how to best improve this solution. I don't want to use the SQL Filestream attribute as it would be significant effort to migrate it all into that, and would really lock in to SQL Server. I also need to find a way to replicate the data for disaster recovery, so perhaps a solution can help with that too. Options could be: Segment files into multiple directories? application would add metadata for which directory it's on (or segment by other means) Segment files into separate servers? (virtualize)Backup becomes more complicated. Application would add metadata for which server it's on

NAS Storage
SAN Storage

Put a service (WCF) in front of the files and have the app talk to the service bonus of being reusable across many applications Assuming I'm going to store on filesystem and not in database (I've read those disccusions here), which would be a more scalable solution?

View 1 Replies

What Is The Lifespan Of Each Data Storage Area In MVC

Jan 3, 2011

I've seen some explanations of these, but nothing that really compares where they start, end, or overlap, or good examples of their use.

What is the life span of each of the following data collections? And am I missing any?

Application
Session
ViewData
TempData

View 1 Replies

C# - Access Images From External Storage In ASP

Jan 21, 2010

I have an ASP.NET site in a web server and the images are stored in NAS (some kind of lacie external storage), I tried UNC and other things but no success. how can I access images from external storage in ASP.NET Update: The images are reachable from the server but when I try to access in ASP.NET throws me error.

View 2 Replies

How To Secure File Transfer And Storage

Feb 21, 2011

I would like to be able to give my users the ability to securely upload and store files, sometimes upwards to about a gigabyte in size. I'm not quite sure what's the best way to go about doing this. I would like to have the connection between the client and the server secured, so I'm sure I will probably have to use SSL. Now, my major crux is secure storage. Being that the data is somewhat sensitive, I'm wondering if I should encrypt the file before it is stored. I guess my question is, should I open the file and encrypt each byte or encrypt the file as a whole. I'm assuming that the latter is the better option. I know that there are a number of examples of how to encrypt a file using a number of different methods (aes, des, md5 (hashing not really encrypting), etc). Currently, to encrypt text, I am using the Rijndael algorithm, sha1, 256 bit keys, a predefined passphrase, salt value, and IV.

View 2 Replies

C# - Developing A File Storage Web Application?

Aug 5, 2010

I'm currently developing a web application whose primary user function is uploading and downloading of files. The files will be stored on the hard disk (no cloud storage yet).

Taking into consideration the possibilities of gigabytes of data and a large number of files, do I need to organize files into sub folders to account for the fetching of a file or is the file system's indexing already very efficient and I can ignore this potential bottle neck?

Update:

On a side note, I plan to store file names and any additional information in a SQL database and only query the disk when a user actually wants to download the file. This is how I plan on retrieving files:

FileStream stream = File.Open("C:file.txt");
byte[] fileContent = new byte[stream.Length];
stream.Read(fileContent, 0, fileContent.Length;

Any file information will be retrieved from the database. The hard disk will only be used for saving and fetching files.

Update 2:

Files will be saved as GUID + EXTENSION on the hard disk while the actual file name is stored in the database.

View 4 Replies

Php - Amazon S3 Provides Unlimited Storage Space?

Jan 20, 2011

In order to maintain user uploaded images in website becomes very tough as the number of images are increasing. In the long run the available disk space will come to 0 bytes.

Amazon generally provides unlimited space for their S3 service. If we want to provide unlimited space to our website what are the possible ways?

View 2 Replies

Image Storage And Retrieval In File System?

Jan 11, 2010

What is the best approach to storing images in a file system. Currently I am separating the images by day, month and then year. I am also hashing file name so that no two files will be stored with the same name. Lastly, how would I go about using the image file address in a forum?

View 3 Replies

Database Storage - References In Table Or Another Location?

Mar 26, 2010

On a website such as Amazon, they usually have a prodcut description which is normally 2 - 3 paragraphs of description. Would these information be stored on a database, or would they use include files for those sections, would it be stored in an XML file? I have a website which stores everything in a database and for most of it the website works. EG, in my database, I have a table with Column Names such as ISBN Number, Book Name, Publisher Name and all of which don't go above 50 characters! In some cases, the descriptions go on and on over several paragraphs. Where should this be stored? In the table or in another location which the database references?

View 3 Replies

DataSource Controls :: Storage Of Data - Separately?

Jun 26, 2010

I have data for Visa, Mastercard, moneybookers, etc. .. How do you propose to store data? In each table separately or not? You might like: 1 table that stores all the data and then call the information according to Visa, Mastercard, moneybookers, etc. Example: a table stored all data has deposit_options from each payment, or payments for each option do I need to each payment separately.

View 4 Replies

State Management :: Storage Options When ViewState Isn't Available?

Sep 24, 2010

I have a project in which several modules need to retrieve assorted scalar values (ie. int, string, etc.) before the ViewState is reestablished. To date I've been using the Session object for this though things are getting somewhat unwieldly now. Also Module A's session variables should really only be accessible by Module A, Module B's session variables really only accessible by Module B, etc. - yet with the Session object no such scope is available.

View 3 Replies

Architecture :: Layered Web Application. XML As Data Storage?

May 4, 2010

I'm thinking of using 3 layered architecture in my web site.Kind of classic layers - Presentation, BL, DAL and BO - business objects, just like in this great article http://imar.spaanjaars.com/QuickDocId.aspx?quickdoc=416I will have 4 projects according to levels.I'm goung to store data in xml files and my question is where should those files be located? In App_Data folder of web site? Then how DAL will know path where to find files to parse?

View 4 Replies

Use XML File As A Data Storage To Add - Retrieve - Update - Delete?

Dec 27, 2010

I want to use XML file as a data source for my application.

View 2 Replies

Preventing Storage Model Overwrites By Update Wizard

Jul 17, 2010

In my Entity Framework v4 project, I have a table with two columns that are computed by the database (via triggers, etc.). In order to get EF to properly insert records into the table, I have to manually mark the columns as "Computed" in the EF Storage Model (the StoreGeneratedPattern attribute), which is not supported by the designer -- so I have to make the edits by hand to the XML in the .EDMX file. The problem is that whenever my database schema changes, and I need to update the storage model in my project, the "Update Model Wizard" overwrites the whole Storage Model section of the .EDMX, eliminating my manual changes. This means that I have to keep a special list of such changes and manually re-apply them everytime I do an update!

Is there any way to prevent the Storage Model overwrites? Is there a way to flag the columns in the database, so that EF will automatically mark them as computed? As a last resort, is the some REALLY EASY XML tool/technique that can automatically apply the changes for me after every refresh? I've been told by an insider that one solution might be to check out the "Designer Power Pack" (link below), which allows you to customize generation of the storage model. I've only skimmed the info so far, but it looks to me like there may be a day or two learning curve to figure that out. Does anyone have any experience with the Designer Power Pack, or any other ideas? [URL]

View 4 Replies

C# - MSChart: ChartImageHandler Pros / Contras Of The Different Storage Settings

Mar 8, 2010

I'm using the MSChart Control in a Web Project. I saw that there are 3 different storage mode settings: file/memory/session. I couldn't find any information about the pros/contras or the impact of the settings.

View 2 Replies

How To Import Csv File( Already Uploaded In Blob Storage) In Azure(.Net)?

Jan 19, 2011

I want to import csv file(already uploaded in blob storage) in Azure. For example I have uploded test.csv on blob storage, now i just want to import that test.csv file in .net(azure) and after importing i will insert that data into azure database. I am using C# .net.

Creating a cvs file with all rows. Upload it as blob. Parse it with a Worker role and insert it in the sql azure db.

View 1 Replies

C# - Custom Session State Provider Needed For DB Storage?

Jan 16, 2011

I know this question is related to many others, but please bear with me.I am trying an experiment to store all information in database tables instead of the ASP.NET session. In ASP.NET 4 one can create a custom provider for session. So, again should I implement a Custom Session-State Provider or should I just disable session (in Web.config)?From the comments my question can be misunderstood. Hopefully this tidbit will help clarify:don't want to store the session in the database. I want to store information in the database that you would typically store in the session. One reason why: I don't want to carry around a session on every page, especially if thapage doesn't care about 90 percent of the information in the session

View 1 Replies

SQL Server :: Data Type Of Storage Used For Male And Female?

Mar 10, 2011

What data type of storage used for male and female?

View 2 Replies

Mobiles :: Error In PC Emulator Stating Storage Memory?

Jun 15, 2010

While debugging a handheld application within a PC Emulator I am getting an Error"Storage Memory is critically low.If you donot increase storage memory you mannot be able to start some program. use file explorer to delete some files..."How can increase the memory size of the emulatorI have added an external dll within the application at that time only this memory error occurs

View 10 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved