Security and the Registry

Article
11/16/2012

This page discusses the security implications of storing data in the registry.

Permissions

It is not secure to store secrets, such as passwords, in the registry as plain text, even if the registry key is protected by ACLs (access control lists).

Working with the registry may compromise security by allowing inappropriate access to system resources or protected information. To use these properties, you must have read and write permissions from the RegistryPermissionAccess enumeration, which controls access to registry variables. Any code running with full trust (under the default security policy, this is any code installed on the user's local hard disk) has the necessary permissions to access the registry. For more information, see RegistryPermission class.

Registry variables should not be stored in memory locations where code without RegistryPermission can access them. Similarly, when granting permissions, grant the minimum privileges necessary to get the job done.

Registry permission access values are defined by the RegistryPermissionAccess enumeration. The following table details its members.

Value	Access to Registry Variables
AllAccess	Create, read, and write
Create	Create
NoAccess	No access
Read	Read
Write	Write

Checking Values in Registry Keys

When you create a registry value, you need to decide what to do if that value already exists. Another process, perhaps a malicious one, may have already created the value and have access to it. When you put data in the registry value, the data is available to the other process. To prevent this, use the GetValue method. It returns Nothing if the key does not already exist.

Security Note:
When reading the registry from a Web application, the identity of current user depends on the authentication and impersonation implemented in the Web application.

Security and the Registry

Permissions

Checking Values in Registry Keys

See Also

Tasks

Concepts

Reference

Other Resources

Additional resources