Trade-Offs When Protecting Secret Data
Like everything in the world of software development, building secure systems is all about making trade-offs. The most significant trade-offs you need to consider when building applications that store secrets are as follows:
Relative security
Effort required to develop such an application
Ease of deployment
Personally, I think if you need to protect data, then you need to protect data regardless of the development cost. A little extra time spent in development getting the solution right will save time and money in the future. The big trade-offs are relative security versus ease of application deployment. The reason should be obvious: if some data is secured, it's probably not very deployable! Table 9-1 offers a high-level view of the relative costs of the different data protection techniques; you should use it as a guideline.
Option | Relative Security | Development Effort | Deployment Ease |
Configuration files (no encryption, for comparison only) | None | Low | High |
Embedded secrets in code do not do this! | None | Low | Medium |
COM+ construct strings | Medium | Medium | Medium |
LSA secrets | High | High | Low |
DPAPI (local machine) | High | Medium | Low |
DPAPI (user data) | High | Medium | Medium |