storing usersnames and passwords

where is the best , safest, and most convenient place to store the names of my appolication users and their passwords?
mhdhallakAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DrDelphiCommented:
You would probably be best off by first looking at encrypting the information that you wish to store (as an added layer of security) and then storing into your own key in the Registry.
0
johnny6Commented:
The absolutely best and safest place to store the users and the passwords would be to first encrypt them and then store them in a database file.  An encrypted database file is reasonably secure even against most hackers. I don't recommend storing any user or password data in the registry because any hacker can easily gain access to the registry and once he does that it is only a matter of time before he cracks the encryption algorithm and gains access to the user names and passwords.
0
anthonyamodeiCommented:
you have to know wich security level you want to give at your application. If your application needs a highest security level, the comment of johnny6 must be applied.

Otherwise, if your application security level is not so higher, a simple crypting of the user name and password is needed. You can store these field in a file or in the registry.

And you must know something: When something is crypted, it can always be cracked...

I can give you some easy crypting algorythm if you want


0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

DrDelphiCommented:
I'd have to agree with Johnny as well.. it definitely is tougher to crack a database. I made my suggestion based on a "let's keep a nosy Nellie from seeing what we have here" type of security concern. If you are out to keep absolutely ANYONE from seeing this information.... first off... can't be done. whatever you come up with, there is always going to be someone, somewhere that can undo it. But in the real world, of non-military, post cold war applications, you probably should be alright with a simple encryption and if you feel that the registry isn't secure enough, then a database file. Of course, the table could pose a problem insomuch as 1. it is portable... someone could copy it and take it with them, affording them more time to hack into it. Registry can be dumped, too... but is a lot more information to muddle through. 2. tables can become corrupted. Again, the registry is not immune to this, either, but is a far rarer occasion that the registry become corrupted then a flat file. 3. Writing to and reading from the registry requires no database engine, meaning that you will never run into any version conflicts, etc. Food for thought... Good luck!


 
0
mhdhallakAuthor Commented:
Hmm, guyz, this might seem dumb, but I am not show how am I supposed to encrypt the information. Any idea
0
mhdhallakAuthor Commented:
sorry, it 'sure' instead of 'show' in the above comment.
0
DrDelphiCommented:
That is not dumb at all. There are people, particularly where I am (Washington DC) that dedicate their entire careers to nothing but encryption. There are several well established algorithms out there, but you are not going to want to let anyone which you are using. what I could suggest is that you take a look at Deja.com and do a search on the phrase "Encrypt"... if you know Delphi, you can definitely find some very good stuff on the Delphi Superpage, too. (Sorry, Delphi is my long suit, VB isn't).

Good luck!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mhdhallakAuthor Commented:
Thanks to everybody who contributed in this subject. I am ought to learn more about encryption.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic Classic

From novice to tech pro — start learning today.