Where to store private key generated in Webservice?

I have the following scenario:

(and unfortunately I can’t change anything in the infrastructure, but I can change anything in relation to the code of the Application and the Webservice)

enter image description here

An intranet with multiple databases that can only be accessed by those inside the network.

A Webservice (at the top of the image) was created and placed on this internal network to provide certain services for specific external applications.

A specific external application (in Asp.Net MVC at the bottom of the image) that consumes the services available on the Webservice, manipulates the data and makes the information available to customers.

There is a database (left in the image) where all the data generated through the application is stored, but is also accessible by Webservice.

Unfortunately, the data to access each of the databases of the internal network is in the application’s database. Extremely sensitive data!

As I cannot remove sensitive data and create a new database within the internal network to keep it "safe", I thought about the following process:

enter image description here

After a request made by the client in the application, a "Token" is generated and saved in the application database.

After saving the Token, the application requests the Webservice by sending the Token. Since Webservice has access to the application database, it is easy to validate the Token.

If all is right, then Webservice generates the keys using the class RSACryptoServiceProvider and returns the public key, also keeping the private key somewhere (could be the session?).

Upon receiving the public key, the application encrypts the sensitive data and also generates its own public and private keys in the same way, sending the encrypted sensitive data together with its public key to the Webservice.

Webservice receives the data and will be able to decrypt everything with the private key previously stored "securely", so it searches the data on the internal network, encrypts everything with the public key it received from the application and returns the data to it.

The application can then decrypt the data with its private key and give feedback to the user.

My questions are:

  1. Is this really the safest way to carry out the whole process in view of all the limitations and possibilities cited?
  2. Would it be appropriate ("secure") to store the generated private key in the Webservice in a session?
No answers
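
The exchange described in the question, sketched as an added example that is not part of the original post: the Webservice keeps each private key only in process memory, keyed by the token, and discards it after one use. The names `Webservice`, `BeginExchange`, `Complete` and `Pending` are hypothetical, token validation against the application database is assumed to have already happened, and the token and payload are constructed samples.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for the Webservice; private keys never leave this process.
static class Webservice
{
    static readonly ConcurrentDictionary<string, RSACryptoServiceProvider> Pending =
        new ConcurrentDictionary<string, RSACryptoServiceProvider>();

    // Called once the token has been validated: generate a key pair, return only the public half.
    public static RSAParameters BeginExchange(string token)
    {
        var rsa = new RSACryptoServiceProvider(2048);
        if (!Pending.TryAdd(token, rsa)) { rsa.Dispose(); throw new InvalidOperationException("token already used"); }
        return rsa.ExportParameters(false); // false = public parameters only
    }

    // Decrypt the request with the stored private key, then encrypt the reply for the application.
    public static byte[] Complete(string token, byte[] cipher, RSAParameters appPublic)
    {
        // TryRemove makes the key single-use: a replayed token finds nothing to decrypt with.
        if (!Pending.TryRemove(token, out var rsa))
            throw new CryptographicException("unknown or replayed token");
        using (rsa)
        using (var app = new RSACryptoServiceProvider())
        {
            string request = Encoding.UTF8.GetString(rsa.Decrypt(cipher, true)); // true = OAEP padding
            app.ImportParameters(appPublic);
            return app.Encrypt(Encoding.UTF8.GetBytes("result for " + request), true);
        }
    }
}

static class Program
{
    static void Main()
    {
        string token = Guid.NewGuid().ToString("N"); // constructed sample token
        RSAParameters wsPublic = Webservice.BeginExchange(token);
        using (var toWs = new RSACryptoServiceProvider())
        using (var appKey = new RSACryptoServiceProvider(2048))
        {
            toWs.ImportParameters(wsPublic);
            // A 2048-bit key with OAEP fits at most 214 bytes; larger data needs a symmetric key.
            byte[] cipher = toWs.Encrypt(Encoding.UTF8.GetBytes("db=constructed-sample"), true);
            byte[] reply = Webservice.Complete(token, cipher, appKey.ExportParameters(false));
            Console.WriteLine(Encoding.UTF8.GetString(appKey.Decrypt(reply, true)));
        }
    }
}
```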
