All geek questions in one place

Should I pass sensitive data to a Process.Start call in .NET?

I am working on a .NET Windows application that will use Process.Start to run another embedded .NET application running on the same PC. I need to transfer database connection information, including user ID and password, to the target application. I am trying to determine if I need to encrypt information before sending.

Assuming that the end-user PC is not compromised, will the connection information be displayed anywhere if I pass it unencrypted in arguments?

Something like this will be OK ...

string myExecutable = "myApp.exe"; string server = "myServer"; string database = "top_secret_data"; string userID = "myUser"; string password = "ABC123"; string dbInfo = string.Format("server={0} database={1} userID={2} password={3}", server, database, userID, password); ProcessStartInfo startInfo = new ProcessStartInfo(myExecutable, dbInfo); Process.Start(startInfo);

Or should I use something like this ...

 var crypto = new MySymmetricCryptoLib.Crypto(); string myExecutable = "myApp.exe"; string server = crypto.Encrypt("myServer"); string database = crypto.Encrypt("top_secret_data"); string userID = crypto.Encrypt("myUser"); string password = crypto.Encrypt("ABC123"); string dbInfo = string.Format("server={0} database={1} userID={2} password={3}", server, database, userID, password); ProcessStartInfo startInfo = new ProcessStartInfo(myExecutable, dbInfo); Process.Start(startInfo);
+4
source share
5 answers

Getting the arguments with which the process was called is pretty simple, so they will be displayed locally to a technically minded user. If this is not a problem for you, I would not worry about it, since you say that you are not transmitting over the network, and your question requires us that the machine not be compromised.

+4
source

This is not clear from your question from which you are trying to protect data. This is confusing because you said, "Assume the PC is not compromised."

If you start a local process on a machine and the machine is not compromised, then what should you protect yourself from? In this case, nothing will cross the network, so no one will be able to track the arguments.

However, if you are worried about who can have administrative access to a computer or a user who is potentially monitoring the data, then yes, you must encrypt it. It's pretty easy to see the command line arguments of a process. Any semi-competent user can find them.

+2
source

I would encrypt the entire string, not the individual fragments, you basically told a stranger that here the connection information just goes ahead and breaks it. Another option is to pass arguments after starting another application.

It is important when your building security measures determine what the attack is (gaining access to connection information for the database) and who is going to launch the attack. Are you trying to prevent a local user from getting this? Are you trying to interfere with a normal user or expert?

For example, an expert can continue to work and unload the process memory and find its unencrypted string.

+1
source

Use a named pipe and configure the ACL accordingly, then inherit the descriptor child process - don't worry about encryption.

+1
source

How do you need to change the destination application for decryption, why not change the receiving application to read from the configuration file, then encrypt the configuration file . If you need to pass different values ​​to another application, why not pass the connectionString key?

0
source

Source: https://habr.com/ru/post/1286294/

More articles:


All Articles