February 23, 2010

Using DPAPI to Secure MOSS Data

Saw this very interesting post on Dr. Z’s blog, located here, about using the Windows Data Protection API inside of SharePoint to secure data. It is a little thick for me since I’m not truly a developer (yet), but any time I can see a real-world example with SharePoint AND an example of using the Enterprise Library Patterns in the real world, it is worth a mention.

The basic idea is that you can use the application pool identity of your MOSS farm and call into DPAPI to do the heavy lifting of securing data in the MOSS database. The warning is well heeded, of course, about not doing this if you are using a local machine account (Local System or Network Service) to secure your data: if you open up another WFE, that account would be different and you’d just get gunk back.
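
The idea and the caveat above in C#, as an added example that is not Dr. Z’s code or anything from the original post. It assumes the .NET `ProtectedData` wrapper over DPAPI with per-user scope (the user being the application pool identity); the class name, entropy string and sample value are made up for illustration.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData lives in System.Security.dll
using System.Security.Principal;
using System.Text;

static class AppPoolSecret // hypothetical helper, not from the original post
{
    // Constructed entropy value; must match on protect and unprotect.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-entropy");

    // Built-in machine accounts are separate identities on every server.
    static bool IsLocalMachineAccount(WindowsIdentity id)
    {
        SecurityIdentifier sid = id.User;
        return sid.IsWellKnown(WellKnownSidType.LocalSystemSid)
            || sid.IsWellKnown(WellKnownSidType.NetworkServiceSid)
            || sid.IsWellKnown(WellKnownSidType.LocalServiceSid);
    }

    public static string Protect(string plaintext)
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            if (IsLocalMachineAccount(id))
                throw new InvalidOperationException("Refusing to protect data as " + id.Name);
        byte[] clear = Encoding.UTF8.GetBytes(plaintext);
        byte[] blob = ProtectedData.Protect(clear, Entropy, DataProtectionScope.CurrentUser);
        return Convert.ToBase64String(blob); // text form for storing in a list or config field
    }

    public static string Unprotect(string stored)
    {
        try
        {
            byte[] blob = Convert.FromBase64String(stored);
            byte[] clear = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(clear);
        }
        catch (CryptographicException ex)
        {
            // Blob was protected under a different identity or key material.
            throw new InvalidOperationException("Stored value is not readable by this account.", ex);
        }
    }

    static void Main()
    {
        string stored = Protect("constructed sample value");
        Console.WriteLine(Unprotect(stored) == "constructed sample value");
    }
}
```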

The question I have is this: would this model still be useful when using transparent encryption on the SQL server (available in R2 but not 2008 RTM, I believe), or is the author going at something more fundamental? Anyways, good example code!