This project is read-only.

Protect access to your credential store

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Ensure only those accounts that require access are granted access to your credential store. This helps to protect the credential store by limiting access to it. For example, consider limiting access to only your application's account. Ensure that the connection string used to identify your credential store is encrypted.

Also consider storing your credential database on a physically separate server from your WCF application server. This makes it harder for an attacker to compromise your credential store even if he manages to take control of your server.

Last edited Apr 16, 2008 at 11:42 PM by prashantbansode, version 1


No comments yet.