best approach for storing login info

    zuhx wrote (#1):

    I have an application that connects to a database where the user has to log in to access the app. The login screen is the first screen the user encounters and requires the user to enter username/psswd info along with database info (i.e. database name, server name, etc.). I want to set it up so that when the app is run it will pull up the info entered by the user from the last time. What is the best way to approach this? I thought of XML serialization, but as I understand it, this is not a secure method and therefore passwd info should not be stored in passwd file. I already make a database connection in this form, so if I could I would like to store this data in the database, but I cannot make the connection string until the user enters that info. I suppose I could do the mix of the two, but how will that affect performance? Anyone have thoughts? Thanks in advance.


      obelisk29 wrote (#2):

      Why don't you just write it to the registry using an encryption algorithm?


        Heath Stewart wrote (#3):

        Using the registry is not recommended for .NET applications. Instead (to the original poster) you can still encrypt the password and save it to the .config file (named yourappname.exe.config) either in the <appSettings> or to your own section that you can create using an implementation of IConfigurationSectionHandler. Using .config files is far more robust for .NET apps because it centralizes application settings. The idea would still be the same, though, and there are many ways to accomplish the task.

        -----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----
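
One way to do what post #3 describes, as an added example that is not code from the thread: the password is encrypted and written to `<appSettings>` in yourappname.exe.config. The choice of Windows DPAPI (`ProtectedData`), the class name `SavedLogin`, the key names and the entropy string are assumptions made for this example.

```csharp
using System;
using System.Configuration;           // add a reference to System.Configuration
using System.Security.Cryptography;   // ProtectedData = Windows DPAPI
using System.Text;

static class SavedLogin
{
    // Hypothetical appSettings key names chosen for this example.
    const string UserKey = "LastUser", ServerKey = "LastServer", PwdKey = "LastPasswordProtected";
    // Optional DPAPI entropy: a constructed, non-secret value that ties the blob to this app.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("yourappname.saved-login.v1");

    public static void Save(string user, string server, string password)
    {
        // DPAPI keys are tied to the current Windows account; the app stores no key of its own.
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(password), Entropy, DataProtectionScope.CurrentUser);

        // Opens yourappname.exe.config; the process needs write access to that file.
        Configuration cfg = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        Set(cfg, UserKey, user);
        Set(cfg, ServerKey, server);
        Set(cfg, PwdKey, Convert.ToBase64String(blob));
        cfg.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("appSettings");
    }

    // Returns null when nothing is saved or the blob cannot be decrypted
    // (different Windows account or machine, or an edited value).
    public static string LoadPassword()
    {
        string b64 = ConfigurationManager.AppSettings[PwdKey];
        if (string.IsNullOrEmpty(b64)) return null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                Convert.FromBase64String(b64), Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; }
        catch (FormatException) { return null; }
    }

    static void Set(Configuration cfg, string key, string value)
    {
        KeyValueConfigurationCollection s = cfg.AppSettings.Settings;
        if (s[key] == null) s.Add(key, value); else s[key].Value = value;
    }
}
```

Any process running under the same Windows account can call `Unprotect` on the stored value, so this protects the file at rest and on backups, not against code already running as that user.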


          Rein Hillmann wrote (#4):

          Storing (and ESPECIALLY retrieving) a password is never secure. Why would you want to retrieve the password from a file? You should never have to retrieve a password; it should always be given to you by the user.


            Kentamanos wrote (#5):

            I'm not a security expert, but there's one thing I've picked up... In general, you should never store a password. I think it's a bad idea to even store an encrypted one. If you store an encrypted one and your keys are compromised, decrypting it is trivial. Store the hash of a password and "salt" that hash. It's preferable to have your salt have something in it that varies per user. Assuming the user-list and password hash is compromised, salting prevents a hacker from gaining easy entry. Having your salt have something unique per user in it prevents comparing a known account with a known password and finding another account with that same password. Then hash what they input and check it against the stored hash. Do a search for hashes and salt for some more info.


            I, for one, do not think the problem was that the band was down. I think that the problem may have been that there was a Stonehenge monument on the stage that was in danger of being crushed by a dwarf.
            -David St. Hubbins
