Patrick #1
variables / application[]-object
Hi
I have the following problem. When starting my ASP.NET application, I read an
encrypted string from a file, decrypt it and want these values to be
available in the complete application. They should be stored in a global
variable, but it shouldn't be possible to modify this variable.
So what I tried first was using the application object to store that string.
That was fine, but the problem is that it can be modified from outside, so
it's not good for my use.
Next idea was to create a public string that returns the private string with
the get{} method. This works fine, but the problem is, where do I store the
string so that I don't lose it? I mean, how can I store the decrypted string
in the variable, without reading it each time from the file and decrypting
it? I want to store it in the private variable and it should always be
there, as long as the application is running.
Any ideas?
Thanks
Patrick Guest
-
Patrick #2
Re: variables / application[]-object
Karl, thanks for your answer. But as I see in your example, you add the
secret string to the application object? So that was what I was thinking,
that I have to add it there. There is no way to keep it in memory as
readonly. In the application_start I want to read the file, decrypt that
info, store it to a read-only global variable, that I can access from every
aspx page.
As I understand you, in the application_start I load the string to the
session variable (crypted) and each time I request the public readonly
variable, it will be decrypted.
Right?
But in that case, people still can modify the application object and clear
the crypted string.
Or do I misunderstand you?
Thanks for your help
"Karl Seguin" <kseguin##crea.ca> wrote in message
news:eihoKq6RDHA.1868@TK2MSFTNGP11.phx.gbl...
> You shouldn't carry around sensitive data in the application object...it gets
> dumped when page.trace=true.
>
> you may want to look at this article (amongst others):
> http://msdn.microsoft.com/asp.net/default.aspx?pull=/library/en-us/dnnetsec/html/THCMCh14.asp#c14618429_011
>
> Finally, the quickest solution to your problem would be to cache (say in the
> application variable if you can't find a better place) an instance of the
> object that contains your string..you can create the object, decrypt the
> string, and store it in memory on application_Start
>
> Dim SecretString as new MySecretStringObject
> SecretString.Decrypt()
> application.add("SecretString", SecretString)
>
> As you can imagine, the decrypt function decrypts the string and stores it in
> a private field. And you have a public readonly property to read from it.
>
> Karl
Patrick Guest
-
Karl Seguin #3
Re: variables / application[]-object
You don't load the string in the application variable, you load the entire
object...which means the string is still private (or readonly via the
property). However, the object can still be removed...or replaced with
something else - as you've pointed out.
You could implement a readonly static field...but then you could get into
threading issues.
How about this:
Implement a class with a single shared/static function. Something like
this:
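Public Shared Function GetSecret() As String
    ' HttpRuntime.Cache is the application cache, reachable from shared code
    Dim secret As String = CStr(System.Web.HttpRuntime.Cache("mysecretstring"))
    If secret Is Nothing Then
        secret = DECRYPTSTRING() 'some private shared function
        ' The file dependency evicts the entry whenever the file changes
        System.Web.HttpRuntime.Cache.Add("mysecretstring", secret, _
            New System.Web.Caching.CacheDependency("FILETHATHOLDSYOURSTRING"), _
            System.Web.Caching.Cache.NoAbsoluteExpiration, _
            System.Web.Caching.Cache.NoSlidingExpiration, _
            System.Web.Caching.CacheItemPriority.Normal, Nothing)
    End If
    Return secret
End Function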
Yes, people can still manipulate the cache and screw around with it...as far
as I know..there's no way to create a readonly cache...though at least it's a
bit obfuscated. You've also moved the string away from the application and
into the cache..which I think is good.
There are callback methods you can use whenever the cache drops an
item..never used them..maybe they could come in handy...dunno.
Karl
Karl Seguin Guest
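Added example, not part of the original posts: one way to get the read-only, application-wide value discussed in this thread without placing it in the Application object or the cache, using a Shared ReadOnly field assigned in the type initializer. The class name SecretStore, the file name secret.bin and the use of DPAPI (ProtectedData) for decryption are assumptions; the thread does not say how the file is encrypted.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography   ' ProtectedData: reference System.Security.dll
Imports System.Text

Public NotInheritable Class SecretStore
    ' Hypothetical file name, resolved against the application base directory.
    Public Const FileName As String = "secret.bin"

    ' Assigned exactly once, in the type initializer below. The CLR runs that
    ' initializer once under a lock, so concurrent first requests cannot race,
    ' and the compiler rejects any later assignment to a ReadOnly field.
    Private Shared ReadOnly _secret As String

    Shared Sub New()
        Dim full As String = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, FileName)
        ' Assumption: the file was written with DPAPI (ProtectedData.Protect).
        Dim clear As Byte() = ProtectedData.Unprotect( _
            File.ReadAllBytes(full), Nothing, DataProtectionScope.CurrentUser)
        _secret = Encoding.UTF8.GetString(clear)
        Array.Clear(clear, 0, clear.Length)   ' drop the temporary byte copy
    End Sub

    Private Sub New()   ' shared members only: no instances
    End Sub

    ' Getter only: pages can read the value, nothing outside can replace it,
    ' and it never appears in Application state or the cache.
    Public Shared ReadOnly Property Secret() As String
        Get
            Return _secret
        End Get
    End Property
End Class

Module Demo
    Sub Main()
        ' Constructed sample input so the example runs offline.
        Dim sample As Byte() = Encoding.UTF8.GetBytes("constructed-sample-secret")
        File.WriteAllBytes( _
            Path.Combine(AppDomain.CurrentDomain.BaseDirectory, SecretStore.FileName), _
            ProtectedData.Protect(sample, Nothing, DataProtectionScope.CurrentUser))
        ' First access runs the type initializer; later reads reuse the field.
        Console.WriteLine(SecretStore.Secret)
        Console.WriteLine(Object.ReferenceEquals(SecretStore.Secret, SecretStore.Secret))
    End Sub
End Module
```

If the initializer throws (for example because the file is missing), every later access fails with TypeInitializationException until the application restarts, and unlike the cache version a changed file is only picked up on restart.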
-
Patrick #4
Re: variables / application[]-object
Karl, thanks for your help. The caching solution works fine for my needs and
was just a quick thing to implement.
So thanks for your great help
Patrick
Patrick Guest




