Protect Access to Your Credential Store

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Ensure only those accounts that require access are granted access to your credential store. This helps to protect the credential store by limiting access to it. For example, consider limiting access to only your application's account. Ensure that the connection string used to identify your credential store is encrypted.

Also consider storing your credential database on a physically separate server from your WCF application server. This makes it harder for an attacker to compromise your credential store even if he manages to take control of your server.

Last edited Jun 12, 2008 at 9:48 PM by prashantbansode, version 1

Comments

No comments yet.