It seems Application Settings on Windows Phone are not secure and encrypted. I used isolated storage tool to pull all app files and folder fro mthe device and AppSettings file seems to be plain XML.
What about app linq databases? .sdf file seems to be encrypted.
I need to store very sensitive data that needs to be accessed both from the app and from background agent which is running in a separate process. They both seem to access application settings but since the storage is not secure I really cannot use app settings.
You can use the ProtectedData class to encrypt your sensitive data, then store it in the application settings or directly in the isolated storage.
For instance:
// Encrypting
var encryptedData = ProtectedData.Protect(Encoding.UTF8.GetBytes("Hello world!"), null);
// Decrypting
var sensitiveData = Encoding.UTF8.GetString(ProtectedData.UnProtect(encryptedData, null));
Related
I'm a Windows developer finally getting my feet wet on Mac - I've already stumbled across translocation.
I have a Qt-based application that I am porting to Mac and have a few basic types of user data. The app is distributed currently via zip file
1) Settings/config data. I understand this belongs in a plist file
2) XML-based application data. This data is intended to be edited by both users and the application. In most cases, it will only be power users that manually edit these files.
3) Image-based (jpg/png) in-application icons. This data is used by the application and expected to be created/provided separately by users.
On Windows, both 2 and 3 are simply located in subdirectories of the .exe.
What are the options or "correct" locations for such application data?
The usual location is a custom folder in the Application Support directory. This directory exists in the local domain (/Library/Application Support/) to save data for all users and in the user domain (~/Library/Application Support/) to save data per user.
There is a convention to name the custom folder in Application Support with the bundle identifier of the application but this is not mandatory.
While the Application Support directory is created implicitly your app is responsible to create the custom folder.
(NS)FileManager provides an API to get the Application Support directory without hard-coding paths. If your app is sandboxed you must use this (NS)FileManager API anyway
I am attempting to use the Microsoft Azure Storage Explorer, attaching with a SAS URI. But I always get the error:
Inadequate resource type access. At least service-level ('s') access
is required.
Here is my SAS URI with portions obfuscated:
https://ti<...>hare.blob.core.windows.net/?sv=2018-03-28&ss=b&srt=co&sp=rwdl&se=2027-07-01T00:00:00Z&st=2019-07-01T00:00:00Z&sip=52.<...>.235&spr=https&sig=yD%2FRUD<...>U0%3D
And here is my connection string with portions obfuscated:
BlobEndpoint=https://tidi<...>are.blob.core.windows.net/;QueueEndpoint=https://tidi<...>hare.queue.core.windows.net/;FileEndpoint=https://ti<...>are.file.core.windows.net/;TableEndpoint=https://tid<...>hare.table.core.windows.net/;SharedAccessSignature=sv=2018-03-28&ss=b&srt=co&sp=rwdl&se=2027-07-01T00:00:00Z&st=2019-07-01T00:00:00Z&sip=52.<...>.235&spr=https&sig=yD%2FRU<...>YU0%3D
It seems like the problem is with the construction of my URI/endpoints/connectionstring/etc, more than with permissions granted me on the server, due to the fact that when I click Next, the error displays instantaneously. I do not believe it even tried to reach out to the server.
What am I doing wrong? (As soon as I get this working, I'll be using the URI/etc to embed in my C# app for programmatic access.)
What you need to connect is a service requirement the "SRT" part of the URI.
The URI you have has a SRT of "CO" container and object and needs the "S" part, you need to create a new sas key this can be generated in portal, azure cli or powershell.
In the portal is this part:
You have to enter to the storage acount and select what you need:
Allowed services (if you are looking for blob)
Blob
Allowed resource types
Service (make sure this one is activated)
Container
Object
Allowed permissions (this to do everything)
Read
Write
Delete
List
Add
Create
Example where to look
If you need more info look here:
https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas?redirectedfrom=MSDN
If you like to create the SAS key in the CLI use this:
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-cli
If you like to create the SAS key in powershell use this:
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-powershell
I has a similar issue trying to connect to the blob container using a Shared Access Signature (SAS) URL, and this worked for me:
Instead of generating the SAS URL in Azure Portal, I used Azure Storage Explorer.
Right click the container that you want to share -> "Get Shared Access Signature"
Select the Expiry time and permissions and click create
This URL should work when your client/user will try to connect to the container.
Cheers
I had the same problem and managed to get this to work by hacking the URL and changing "srt=co" to "srt=sco". It seems to need the "s".
There is some confidential data of user that I am encrypting using DPAPI. This encrypted data is being stored in a file and is placed in %LOCALAPPDATA% folder.
How can I prevent other processes from accessing that file, since any other process running in the user session can decrypt it. Does windows have some provision to facilitate my requirement or is this a path that should not be pursued to protect the data?
In my WP 7 App, i have to store the images and XML file of two types,
1: first type of files are not updated frequently on server so i want to store them Permanently on local storage so that when ever app starts it can access these files from local storage , and when these files are updated on server , also update local storage files.I want these files not to be deleted on application termination.
2: Second type of files are those that i want to save in isolated storage temporarily e.g. app requested a XML file from server , i stored it locally and next time if app requests same file instead of getting it from server get it from local storage , and Delete these files when the application terminates..
How can i do this ?
Thanks
1) Isolated Storage is designed to be used to store data that should remain permanent (until the user uninstalls the app). There's example code of how to write and save a file on MSDN. Therefore, any file you save (temp or not), will be stored until the user uninstalls the app or your app deletes the file.
2) For temporary data, you can use the PhoneApplicationState property. This will automatically delete the files after your app closes. However, there's a size limit (I belive PhoneApplicationService.State has a limit of 4mb).
Alternatively, if the XML file is too big, you can write it to the Isolated Storage. Then, you can handle your page's Closing event and delete the file from Isolated Storage there using the DeleteFile method.
Typically file servers are used to store images for a web application. For more security and control you'd go for storing images in database. But this proves to be complex and slow.
Are there other mainstream options available other than db/file server, to store images securely with user permissions, etc.
Edit: I'm deployed on amazon cloud and use postgresql as db.
SQL Server 2008 offers the Filestream storage wich allows you to store data in the filesystem, yet accessing it thorugh the database. It can be useful if your only concern with using a database is performance.
If images are stored in a folder that has no direct web access permissions you can then do
<img src="getimage.aspx?id=1234">
and have your GetImage "page" do any appropraite permissions test (e.g. using session ID) and then "deliver" the image from the secure folder.
Downside is that the image is not cached I think? but I expect that is true of the database route too.
Storing images in the phyiscal database bloats the database, increasing backup & restore times; but it provides a single container which is great if you want to move everything to a new / multiple servers, or if ensuring referential integrity between Image and other data in the DB is important
Are you are concerned about people guessing a URL and directly accessing an image?
If so, you can still place the images on the filesystem, just outside your www directory. You create a page called ImageServer.php/.aspx/.jsp, grabs the image off of the filesystem and then serves it in response to a URL like:
ImageServer.php?image=BlueWhale.png
If you do this, be careful to correctly set the MIME type and expiry headers because Apache/IIS won't do it for you.