Fog Creek Software
Discussion Board




FogBugz and MachineKeys

Seems like the FogBugz installation is setting permissions on the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys directory, giving itself full control ... Why is this?

This directory is obviously extremely sensitive since it contains the private RSA credentials for services like IIS...

Furthermore, changing the default permissions on this directory, made CryptoAPI barf upon calling certain functions (like CryptGenKey)

Daniel Granath
Monday, November 24, 2003

In older versions of FogBUGZ, the user fogbugz needed to call all the crypto functions, and if it didn't have permissions on those folders and registry settings, the function calls would fail.

Michael H. Pryor (fogcreek)
Monday, November 24, 2003

*  Recent Topics

*  Fog Creek Home