Skip to content

Latest commit

 

History

History
42 lines (30 loc) · 2.54 KB

security-and-the-registry.md

File metadata and controls

42 lines (30 loc) · 2.54 KB
Raw
description title ms.date helpviewer_keywords ms.assetid
Learn more about: Security and the Registry (Visual Basic)
Security and the Registry
07/20/2015
security [Visual Basic], registry
registry [Visual Basic], security issues
9980aff7-2f69-492b-8f66-29a9a76d3df5

Security and the Registry (Visual Basic)

This page discusses the security implications of storing data in the registry.

Permissions

It is not secure to store secrets, such as passwords, in the registry as plain text, even if the registry key is protected by ACLs (access control lists).

Working with the registry may compromise security by allowing inappropriate access to system resources or protected information. To use these properties, you must have read and write permissions from the xref:System.Security.Permissions.RegistryPermissionAccess enumeration, which controls access to registry variables. Any code running with full trust (under the default security policy, this is any code installed on the user's local hard disk) has the necessary permissions to access the registry. For more information, see xref:System.Security.Permissions.RegistryPermission class.

Registry variables should not be stored in memory locations where code without xref:System.Security.Permissions.RegistryPermission can access them. Similarly, when granting permissions, grant the minimum privileges necessary to get the job done.

Registry permission access values are defined by the xref:System.Security.Permissions.RegistryPermissionAccess enumeration. The following table details its members.

Value Access to Registry Variables
AllAccess Create, read, and write
Create Create
NoAccess No access
Read Read
Write Write

Checking Values in Registry Keys

When you create a registry value, you need to decide what to do if that value already exists. Another process, perhaps a malicious one, may have already created the value and have access to it. When you put data in the registry value, the data is available to the other process. To prevent this, use the GetValue method. It returns Nothing if the key does not already exist.

Important

When reading the registry from a Web application, the identity of current user depends on the authentication and impersonation implemented in the Web application.

See also