Using DPAPI to Secure MOSS Data

Slalom Consultant Derek Martin is an accomplished Microsoft systems developer and integrator, experienced in developing and deploying SharePoint and CRM solutions, integrating line of business applications, and leveraging existing infrastructure investments.

Saw this very interesting post from Dr. Z’s blog located here about using the Windows Data Protection API inside of SharePoint to secure data. It is a little thick for me since I’m not truly a developer (yet), but anytime I can see a real world example with SharePoint AND an example of using the Enterprise Library Patterns in the real world, it is worth a mention.

The basic idea is that you can use the application pool identity of your MOSS farm and reference into the DPAPI to do the heavy lifting of securing data into the MOSS database. Warning well heeded, of course, about not doing this if you are using a local machine account (Local System or Network Service) to secure your data, because if you open up another WFE, that account would be different and you’d just get gunk back.

The question I have is this: would this model still be useful when using transparent encryption on the SQL server (available in R2 but not 2008 RTM I believe) or is the author going at something more fundamental?  Anyways, good example code!
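
As an added illustration of the application pool identity idea and the local-account warning above (this is not code from the referenced post or from this blog), here is a small C# sketch that protects a value with DPAPI under the current process identity and refuses to run as a built-in machine account. The class name, method names and entropy string are hypothetical, and it assumes a reference to the System.Security assembly.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

// Added example; AppPoolSecret and its members are hypothetical names.
static class AppPoolSecret
{
    // Constructed sample entropy: a second input that ties blobs to this application.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-moss-entropy");

    // True for the built-in service accounts whose keys exist only on the local machine.
    public static bool IsMachineLocalAccount(WindowsIdentity id)
    {
        SecurityIdentifier sid = id.User;
        return sid.IsWellKnown(WellKnownSidType.LocalSystemSid)
            || sid.IsWellKnown(WellKnownSidType.NetworkServiceSid)
            || sid.IsWellKnown(WellKnownSidType.LocalServiceSid);
    }

    // Encrypts under the identity the process runs as (the app pool account in IIS).
    public static string Protect(string plaintext)
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            if (IsMachineLocalAccount(id))
                throw new InvalidOperationException(
                    id.Name + " is a machine-local account; data protected here is tied to this server.");
        }
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(plaintext), Entropy, DataProtectionScope.CurrentUser);
        return Convert.ToBase64String(blob); // store this string in the list or database column
    }

    // Returns false instead of throwing when the blob was protected by another identity or machine.
    public static bool TryUnprotect(string stored, out string plaintext)
    {
        plaintext = null;
        try
        {
            byte[] clear = ProtectedData.Unprotect(
                Convert.FromBase64String(stored), Entropy, DataProtectionScope.CurrentUser);
            plaintext = Encoding.UTF8.GetString(clear);
            return true;
        }
        catch (CryptographicException)
        {
            return false; // DPAPI could not find a matching key for this identity
        }
    }
}
```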
