Most of the information that I found and read about the correct storage of passwords in the database says that I have to hash the text to clear the password with a unique salt value for each user, and then store this hash in the database. But this process does not work for my needs ...
I have a Windows service written in C # that needs to connect to other remote computers in different data centers using special service accounts. These service accounts are similar to domain user accounts, but there are no real people behind them, and they only have the appropriate permissions to perform the service payload on each specific server. Maintenance information is stored in a SQL Server table, including the password for each account. I am currently using symmetric encryption (Rijndael) to confuse passwords in a database table. The key is stored in a separate configuration file, which has strict access rights.
Each time a service has a scheduled payload to run on a remote computer, I look at the corresponding service account information on the table and sniffed it with a key. There is also an internal website, which is basically an interface for managing various settings of this service, and there the administrator can view and change the password for the service accounts.
Is this a good security approach? Are there any obvious flaws in this scheme?
c # passwords encryption encryption-symmetric
Ξ» Jonas Gorauskas
source share