Practical / applied application security

Ok, here's my problem. I am working with a game engine that will end up being multi-layered. this engine allows you to record games in .NET or Lua (built-in scripting engine). However, for security, I would like people not to view these files and of course, prevent them from editing them. My solution was to create a virtual filesystem with encrypted headers. Thus, it would be difficult to locate the contents of the game data files, and if someone did, they would not be able to edit them without a key, otherwise it would be wrong.

Another issue with the current game is that it connects to SQL data to get certain data, which means the DB connection string and password are stored inside the application.

However, how do you deal with storing passwords inside a .Net application? I know they can be decompiled, and would it be pointless to store the private keys inside a readable config file like most professionals do?

0


source to share


1 answer


Typically, client applications do not connect directly to the database. Instead, connect to the server that handles remote calls on behalf of the application. In such a scenario, the only thing that requires a password for the database is the server.



In today's .Net world, a server is usually built with WCF

+2


source







All Articles