.net - What is the best practice for securing WPF application configuration settings?

Question

I am aware that this is a more subjective question than is preferred, but I couldn't think of a better place or way to ask it.

I am developing a WPF application, and I have configuration settings in an App.config file. Some of these settings are sensitive information, and it would be best if the users of the machine could not directly access them (the settings would be set during install or administrator configuration).

What is the best way to protect application configuration settings for a WPF desktop application?

Thanks for any help.

Answer 1

This question has nothing to do with WPF per se.

.Net offers a wide load of encryption methods.

For passwords, you should really look into one way hash like BCrypt. Then when you authenticate you just hash (make sure you use a salt as well) what the user entered and see if it hashes to the same thing.

For URLs etc I would suggest you check out this question.

You might also find this question similar to yours