dotnet security (November 2005)
Storing a username and password
I have a WEB app that occasionally needs access to a specific username and password. I don't want to store them in plain text. My thought is to encrypt the username and password and store the encrypted values in the WEB.config file, store the key and IV in a database table. The app can then decrypt and use. Is this a reasonable process?
Thanks for your response. I did as I described earlier but when I tried to decrypt the password it throws the following exception: "PKCS7 padding is invalid and cannot be removed"

Any ideas?

The decryption code is as follows:

    using System;
    using System.IO;
    using System.Security.Cryptography;

    // source is the encrypted password (Base64)
    // key and iv are stored in a table as Base64 strings
    // when I read them from the table I do a Trim
    public static string Decrypting(string source, string key, string iv)
    {
        // convert from Base64 to binary
        byte[] bytIn = Convert.FromBase64String(source);
        // create a MemoryStream with the input
        MemoryStream ms = new MemoryStream(bytIn, 0, bytIn.Length);

        SymmetricAlgorithm alg = SymmetricAlgorithm.Create("Rijndael");

        byte[] bytKey = Convert.FromBase64String(key);
        byte[] bytIV = Convert.FromBase64String(iv);

        ICryptoTransform decryptor = alg.CreateDecryptor(bytKey, bytIV);

        // create a CryptoStream that transforms the stream using the decryptor
        CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);

        // read out the result from the CryptoStream; the padding check runs on the
        // final block, which is where the "PKCS7 padding is invalid" exception comes from
        StreamReader sr = new StreamReader(cs);
        try
        {
            return sr.ReadToEnd();
        }
        catch (Exception e)
        {
            string error = e.ToString();
            return null;
        }
    }

"Yunus Emre ALPÖZEN [MCSD.NET]" wrote:
> Surely, why not?
Hello Rick,

why do you want to encrypt the password?? Do you need the clear text back??

Consider storing the password hashed, this eliminates key management. Have a look at PasswordDeriveBytes (1.1) and Rfc2898DeriveBytes (2.0).

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I have a WEB app that occasionally needs access to a specific username and password.
Surely, why not?

U can use RSA encryption and it is easy to import and export keys in .NET...

--
HTH

Thanks,
Yunus Emre ALPÖZEN
BSc, MCSD.NET

"rick" <rick@discussions.microsoft.com> wrote in message news:9DE4C9AF-AC18-445B-9CA8-89F114EAFB7D@microsoft.com...
> I have a WEB app that occasionally needs access to a specific username and password.
Thanks for the reply. We are doing some work with active directory and sometimes we need the program to logon with a specific username and password.

rick

"Dominick Baier [DevelopMentor]" wrote:
> why do you want to encrypt the password?? Do you need the clear text back??
Thanks so much for the example. I still have a question. I don't understand what FromXMLString(string pXMLString) does. I encrypted my password, converted it to an XML string and stored it. I then retrieve the string; must I use FromXMLString, and if so what result do I get? Can I simply convert the XML string to a byte array and call Decrypt to get my clear text?

thanks again

rick

"Yunus Emre ALPÖZEN [MCSD.NET]" wrote:
> You should store XML string at the time of encryption and rebuild it from xmlstring when u want to decrypt it..
I think this error is caused by padding. but u use symmetric encryption. There is OAEP (Optimal Asymmetric Encryption Padding) which is available for Win XP and higher, that may cause. But i don't think in your case.. Still, i advise u to use RSA. Here is some sample code for encryption and decryption:

    using System;
    using System.Text;
    using System.Security.Cryptography;

    namespace RSATest
    {
        class RSASample
        {
            private RSACryptoServiceProvider rsa;

            public RSASample()
            {
                // every new provider instance generates its own key pair
                rsa = new RSACryptoServiceProvider();
            }

            // export the key pair as XML; pass true to include the private parameters
            public string ToXMLString(bool pIncludePrivateParameters)
            {
                return rsa.ToXmlString(pIncludePrivateParameters);
            }

            // import a key pair previously exported with ToXMLString
            public void FromXMLString(string pXMLString)
            {
                rsa.FromXmlString(pXMLString);
            }

            public byte[] Encrypt(string stringToEncrypt)
            {
                byte[] buffer = Encoding.UTF8.GetBytes(stringToEncrypt);
                return rsa.Encrypt(buffer, false);   // false = PKCS#1 v1.5 padding, true = OAEP
            }

            public string Decrypt(byte[] buffer)
            {
                return Encoding.UTF8.GetString(rsa.Decrypt(buffer, false));
            }
        }
    }

You should store XML string at the time of encryption and rebuild it from xmlstring when u want to decrypt it..

--
HTH

Thanks,
Yunus Emre ALPÖZEN
BSc, MCSD.NET

"rick" <rick@discussions.microsoft.com> wrote in message news:CD11C165-25B6-45D8-BC6D-306B2E19968F@microsoft.com...
> Thanks for your response. I did as I described earlier but when I tried to decrypt the password it throws the following exception: "PKCS7 padding is invalid and cannot be removed"
Hi,

just use CryptProtectData/CryptUnprotectData,... or if you use .Net 2.0, then use the ProtectedData class for that matter. It will give you good enough protection (which most probably will be better than whatever you can come up with by yourself). CryptProtectData/CryptUnprotectData essentially reduces protection of your data to protection of your logon password...

-Valery.
http://www.harper.no/valery

"rick" <rick@discussions.microsoft.com> wrote in message news:9DE4C9AF-AC18-445B-9CA8-89F114EAFB7D@microsoft.com...
> I have a WEB app that occasionally needs access to a specific username and password.
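What Valery's suggestion looks like in .NET 2.0 and later, as an added example (not Valery's code): ProtectedData wraps CryptProtectData/CryptUnprotectData. The class name, entropy value and Base64 storage format are this example's own choices, and it assumes it runs under the Windows account the web application runs as, because CurrentUser scope ties the blob to that account.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not Valery's code. ProtectedData lives in System.Security.dll
// (.NET Framework) or the System.Security.Cryptography.ProtectedData package.
static class DpapiSecret
{
    // Extra secret mixed into the DPAPI key: other code running under the same
    // account also needs this value to unprotect the blob. It is not a substitute
    // for controlling who can run as that account. Constructed value.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy-v1");

    // CurrentUser scope binds the blob to the protecting Windows account. LocalMachine
    // scope would let any process on the same machine unprotect it, so it is avoided here.
    private const DataProtectionScope Scope = DataProtectionScope.CurrentUser;

    // Run once, as the identity the web application will run under; store the result
    // (Base64 text) in web.config in place of the clear-text password.
    public static string Protect(string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try { return Convert.ToBase64String(ProtectedData.Protect(plain, Entropy, Scope)); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // Returns null when the blob cannot be unprotected: a different account, a different
    // entropy value, or a modified blob all surface as CryptographicException.
    public static string Unprotect(string blobB64)
    {
        byte[] plain = null;
        try
        {
            plain = ProtectedData.Unprotect(Convert.FromBase64String(blobB64), Entropy, Scope);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; }
        finally { if (plain != null) Array.Clear(plain, 0, plain.Length); }
    }

    public static void Main()
    {
        string stored = Protect("svc-account-password");   // constructed sample value
        Console.WriteLine(stored);                          // opaque Base64 blob for web.config
        Console.WriteLine(Unprotect(stored));               // svc-account-password

        // DPAPI blobs carry an integrity check, so a modified blob is rejected rather
        // than decrypted to garbage (unlike the raw CBC decryption earlier in the thread).
        string modified = stored.Substring(0, stored.Length - 8) + "AAAAAAAA";
        Console.WriteLine(Unprotect(modified) == null ? "modified blob rejected" : "unexpected");
    }
}
```

Because the blob is bound to the protecting account, the Protect step has to run as the application's own identity (for example from a small one-off tool launched under that account), after which the Base64 value goes into web.config.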
"Yunus Emre ALPÖZEN [MCSD.NET]" wrote:
> I think this error caused by padding. but u use symmetric encryption.
> There is OAEP(Optimal Asymmetric Encryption Padding) which is available
> for Win XP and higher, that may cause. But i don't think in your case..
> Still, i advise u to use RSA.

And why would you advise such a thing? In any regard this is bogus advice... and, btw, OAEP is only related to asymmetric encryption.

.... and another btw, even so OAEP provides semantic security to RSA under the assumption that factoring is hard, RSA-KEM has a much stronger and simpler security proof.

.... and third btw: PKCS7 symmetric padding is the default padding that simply adds bytes to fill up the whole block, each byte containing the total length of the padding (i.e. 0x4, 0x4, 0x4, 0x4 means that the block was padded with four bytes).

....and fourth btw: to match the strength of 128 bit AES you have to use at least 4096 bit RSA.

....and at last - for the purposes of the OP, CryptProtectData/CryptUnprotectData (or ProtectedData in .Net 2.0) would do a much better job than other protection schemes that weren't designed by professional cryptographers.

-Valery.
http://www.harper.no/valery
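To make two points in this thread concrete, the "PKCS7 padding is invalid" error from rick's decrypt routine and Valery's description of what the padding bytes look like, here is an added example that is not code from anyone in the thread. It uses Aes.Create() in place of SymmetricAlgorithm.Create("Rijndael") (the same cipher at a 128-bit block size) and keeps the key and IV as Base64 strings the way the thread stores them; all class and method names are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the thread. Aes.Create() stands in for the thread's
// SymmetricAlgorithm.Create("Rijndael"); at a 128-bit block size they interoperate.
static class CbcPaddingDemo
{
    // Generate a key and IV once and return them as Base64, the form the thread stores in a table.
    public static (string KeyB64, string IvB64) NewKeyAndIv()
    {
        using (Aes aes = Aes.Create())   // Key and IV are generated on first access
            return (Convert.ToBase64String(aes.Key), Convert.ToBase64String(aes.IV));
    }

    private static Aes Open(string keyB64, string ivB64, PaddingMode padding)
    {
        Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;        // the .NET default, made explicit
        aes.Padding = padding;
        aes.Key = Convert.FromBase64String(keyB64);
        aes.IV = Convert.FromBase64String(ivB64);
        return aes;
    }

    public static string Encrypt(string plaintext, string keyB64, string ivB64)
    {
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        using (Aes aes = Open(keyB64, ivB64, PaddingMode.PKCS7))
        using (ICryptoTransform enc = aes.CreateEncryptor())
            return Convert.ToBase64String(enc.TransformFinalBlock(data, 0, data.Length));
    }

    // Returns the decrypted bytes, or null when .NET rejects the padding. Passing
    // PaddingMode.None leaves the PKCS7 bytes in place so they can be inspected.
    public static byte[] DecryptRaw(string cipherB64, string keyB64, string ivB64, PaddingMode padding)
    {
        byte[] data = Convert.FromBase64String(cipherB64);
        using (Aes aes = Open(keyB64, ivB64, padding))
        using (ICryptoTransform dec = aes.CreateDecryptor())
        {
            try { return dec.TransformFinalBlock(data, 0, data.Length); }
            catch (CryptographicException) { return null; }   // "Padding is invalid and cannot be removed"
        }
    }

    public static string Decrypt(string cipherB64, string keyB64, string ivB64)
    {
        byte[] plain = DecryptRaw(cipherB64, keyB64, ivB64, PaddingMode.PKCS7);
        return plain == null ? null : Encoding.UTF8.GetString(plain);
    }

    public static void Main()
    {
        var (key, iv) = NewKeyAndIv();
        string cipher = Encrypt("P@ssw0rd1234", key, iv);   // constructed sample: 12 bytes

        // 1. Same key and IV as at encryption time: the round trip works.
        Console.WriteLine(Decrypt(cipher, key, iv));        // P@ssw0rd1234

        // 2. Leave the padding in place: 12 data bytes followed by 04-04-04-04, the
        //    layout Valery describes (each pad byte holds the pad length).
        Console.WriteLine(BitConverter.ToString(DecryptRaw(cipher, key, iv, PaddingMode.None)));

        // 3. A key other than the one the ciphertext was made with: the last block
        //    decrypts to unrelated bytes, so the PKCS7 check almost always fails
        //    (a random final byte happens to be valid padding about 1 time in 256).
        var (otherKey, _) = NewKeyAndIv();
        Console.WriteLine(Decrypt(cipher, otherKey, iv) == null
            ? "decrypt failed: key/IV do not match this ciphertext"
            : "no padding error this time, but the output is garbage");
    }
}
```

Case 3 is the situation rick's exception describes: the stored key or IV handed to CreateDecryptor is not the pair the ciphertext was produced with, and the padding check is the first place that mismatch becomes visible.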
Thanks Yunus. I am having difficulty with this. If you can post a sample app I would be most appreciative.

thanks

rick

"Yunus Emre ALPÖZEN [MCSD.NET]" wrote:
> ToXMLString allows u to store public and private keys.. Every time u create an instance of RSA object, it re-generates public and private keys.
ToXMLString allows u to store public and private keys.. Every time u create an instance of RSA object, it re-generates public and private keys. You cannot decrypt a byte array unless u know the private key.. You must rebuild private and public keys from the xml string..

U can easily test it by storing xml string and byte array in two different files and test how to encrypt and decrypt them.. If u have any further question implementing this application i might send u a sample application..

--
HTH

Thanks,
Yunus Emre ALPÖZEN
BSc, MCSD.NET

"rick" <rick@discussions.microsoft.com> wrote in message news:3685F286-52AC-4961-B36D-0D720351A718@microsoft.com...
> Thanks so much for the example. I still have a question. I don't understand what FromXMLString(string pXMLString) does.
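The point rick asks about and Yunus answers here, what FromXMLString is for, as an added example rather than the thread's RSASample: a second RSACryptoServiceProvider starts with its own key pair and cannot decrypt anything until the XML produced by ToXmlString(true) is imported. Class and method names are this example's own; it passes `true` (OAEP) where the thread's sample passes `false`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the thread's RSASample. Names are this example's own; the
// RSACryptoServiceProvider, ToXmlString and FromXmlString calls are the real .NET APIs.
static class RsaKeyPersistence
{
    // Encrypt with a freshly generated key pair and hand back the ciphertext together
    // with the XML that ToXmlString(true) produces: that XML is the only copy of the
    // private key, so it is the only thing that can ever decrypt `cipher`.
    public static void EncryptWithNewKey(string secret, out byte[] cipher, out string privateKeyXml)
    {
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            rsa.PersistKeyInCsp = false;       // do not leave a copy in the Windows key container
            cipher = rsa.Encrypt(Encoding.UTF8.GetBytes(secret), true);   // true = OAEP padding
            privateKeyXml = rsa.ToXmlString(true);                        // true = include private key
        }
    }

    // A new provider starts with its own key pair; FromXmlString replaces it with the
    // saved one, which is the step rick asked about.
    public static string DecryptWithSavedKey(byte[] cipher, string privateKeyXml)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.PersistKeyInCsp = false;
            rsa.FromXmlString(privateKeyXml);
            return Encoding.UTF8.GetString(rsa.Decrypt(cipher, true));
        }
    }

    // Without the import, decryption runs under an unrelated key pair and fails.
    public static bool CanDecryptWithFreshKey(byte[] cipher)
    {
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            rsa.PersistKeyInCsp = false;
            try { rsa.Decrypt(cipher, true); return true; }
            catch (CryptographicException) { return false; }
        }
    }

    public static void Main()
    {
        byte[] cipher;
        string keyXml;
        EncryptWithNewKey("svc-account-password", out cipher, out keyXml);   // constructed sample

        Console.WriteLine(CanDecryptWithFreshKey(cipher));          // False
        Console.WriteLine(DecryptWithSavedKey(cipher, keyXml));      // svc-account-password

        // keyXml holds the private key in clear text (the <D> element is the private
        // exponent). Kept beside the ciphertext, in the same web.config or table, it
        // protects nothing the plain password did not; it has to be readable by the
        // application alone, which is the key management problem Dominick and Valery raise.
        Console.WriteLine(keyXml.Contains("<D>") ? "XML contains the private key" : "public only");
    }
}
```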
you may try this: http://www.codeproject.com/csharp/PassWDCipher.asp

i'm not sure if this is a good approach but looks promising.

rick wrote:
> I have a WEB app that occasionally needs access to a specific username and password.