Storing Credentials and Other Secrets Securely

Consider the following requirements for a fictional application: it stores data in a SQL Server CE database, and it communicates with a Web service that authenticates users using Hypertext Transfer Protocol (HTTP) Basic authentication. Your threat analysis has identified the following vulnerabilities:

  • The data in the database includes details of your company's customers, so it must not fall into the hands of your competitors.

  • The Uniform Resource Locator (URL) of the Web service and the credentials required to authenticate must also be kept secret, so as to reduce the likelihood of an attacker trying to break into your backend systems.

  • Data transmitted must be unintelligible to anyone who manages to intercept ...
