We would like to access the registry with our ISAPI DLL. We are using IIS 5 The assuption is to give access to the IUSR_xxxxxxxx account permissions to the registry correct? As well we would like to connect to the database using our ISAPI DLL the username and password are stored in char * pointers. When the DLL is compiled the username and password are visible if you are to open the DLL in a text editor. Are there any recommended ways to hide the username and password? One thought was the registry.
This blog entry describes the user identity IIS uses to execute code: http://blogs.msdn.com/david.wang/archive/2005/06/29/IIS_User_Identity_to_Run_Code_Part_2.aspx I suggest against using hard coded shared secret for security. Using the registry is not a solution since it can be easily viewed with RegEdit. I suggest looking at the Windows Crypto API for encryption and Windows Secure Store APIs for storing secrets. How far you go depends on how much security you need. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Someone" wrote in message news:EE856F3E-8B77-4BE3-9C41-78A44CDC71DC@microsoft.com... > We would like to access the registry with our ISAPI DLL. We are using IIS > 5 > > The assuption is to give access to the IUSR_xxxxxxxx account permissions > to > the registry correct? > > As well we would like to connect to the database using our ISAPI DLL the > username and password are stored in char * pointers. When the DLL is > compiled > the username and password are visible if you are to open the DLL in a text > editor. Are there any recommended ways to hide the username and password? > One > thought was the registry.
