Storing Credentials and Other Secrets Securely

Consider the following requirements for a fictional application: it stores data in a SQL Server CE database, and it communicates with a Web service that authenticates users using Hypertext Transfer Protocol (HTTP) Basic authentication. Your threat analysis has identified the following vulnerabilities:

  • The data in the database includes details of your company's customers, so it must not fall into the hands of your competitors.

  • The Uniform Resource Locator (URL) of the Web service and the credentials required to authenticate must also be kept secret, so as to reduce the likelihood of an attacker trying to break into your backend systems.

  • Data transmitted must be unintelligible to anyone who manages to intercept ...
