
I think it may be solved partially by a kind of credentials storage service. I mean a kind of service that does not need passwords, but allows access only for machines and SSPI-authenticated users which are white-listed. This service can be a simple WebAPI hosted under an SSLed server, with simple principles like so:

0) secured pieces have a kind of ACL with an IP whitelist, or a machine name-based, or certificate-based whitelist per named resource, or mixed.
1) all changes to stored data are made only via RDP access or SSH to the server hosting the service.
2) the secured pieces of information are accessed only via SSL and this API is read-only.
3) client must pre-confirm its own permissions and obtain a temporary token with a call to an API like https://s.product.com/
3) client must provide a certificate, and the machine identity must match the logical whitelist data for the resource on each call.
4) requesting of data looks like so: Url: https://s.product.com/resource-name Header: X-Ticket: value obtained at step 3, until it expires, Certificate: same certificate as used for step 3.

So, instead of a username and password, it is possible to store an alias for such a secured resource in the connection string, and in code this alias is replaced by the real username-password, obtained from step 4, in a Sql connection factory. The alias can be specified as the username in a special format like obscured@s.product.com/product1/dev/resource-name

Dev and prod instances can have different credentials aliases, like product1.dev/resource1 and product1/staging/resource1 and so on.

So, only by debugging the prod server, sniffing its traffic, or by embedding logging-emailing code at compilation time is it possible to know the production credentials for the actual secured resource.
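The ticket and per-call checks described in the answer above, as an in-memory model added here for illustration (not code from the answer). The class and function names, the 300-second lifetime, the fingerprint strings and the choice to require both machine name and certificate are assumptions.

```python
import secrets
from dataclasses import dataclass

TICKET_TTL = 300  # seconds; assumed, the post only says the ticket expires

@dataclass(frozen=True)
class Acl:  # "mixed" whitelist from step 0: machine name AND certificate
    machines: frozenset
    cert_fps: frozenset

class CredentialService:
    def __init__(self, acls, store):
        self._acls = acls      # resource name -> Acl
        self._store = store    # resource name -> (user, password); edited out of band
        self._tickets = {}     # ticket -> (cert_fp, machine, expires_at)

    def _allowed(self, resource, machine, cert_fp):
        acl = self._acls.get(resource)
        return acl is not None and machine in acl.machines and cert_fp in acl.cert_fps

    def issue_ticket(self, machine, cert_fp, now):
        # First step 3: caller pre-confirms permissions and gets a temporary ticket.
        if not any(self._allowed(r, machine, cert_fp) for r in self._acls):
            raise PermissionError("caller is on no whitelist")
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (cert_fp, machine, now + TICKET_TTL)
        return ticket

    def read(self, resource, ticket, machine, cert_fp, now):
        # Step 4: X-Ticket plus the same certificate, re-checked on every call.
        entry = self._tickets.get(ticket)
        if entry is None:
            raise PermissionError("unknown ticket")
        bound_fp, bound_machine, expires_at = entry
        if now >= expires_at:
            del self._tickets[ticket]
            raise PermissionError("ticket expired")
        if (bound_fp, bound_machine) != (cert_fp, machine):
            raise PermissionError("certificate or machine differs from ticket")
        if not self._allowed(resource, machine, cert_fp):
            raise PermissionError("not whitelisted for this resource")
        return self._store[resource]

def demo_service():
    # Constructed sample data: names, fingerprints and credentials are made up.
    acls = {"product1/dev/resource-name": Acl(frozenset({"build-01"}), frozenset({"fp-dev"})),
            "product1/prod/resource-name": Acl(frozenset({"prod-01"}), frozenset({"fp-prod"}))}
    store = {"product1/dev/resource-name": ("dev_user", "dev_pass"),
             "product1/prod/resource-name": ("prod_user", "prod_pass")}
    return CredentialService(acls, store)
```

Because the whitelist is re-evaluated in `read`, a ticket issued to a dev machine cannot be used to fetch the prod resource even while it is still valid.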