mhdhallak

Storing usernames and passwords

Where is the best, safest, and most convenient place to store the names of my application users and their passwords?

DrDelphi

You would probably be best off by first looking at encrypting the information that you wish to store (as an added layer of security) and then storing into your own key in the Registry.

The absolutely best and safest place to store the users and the passwords would be to first encrypt them and then store them in a database file.  An encrypted database file is reasonably secure even against most hackers. I don't recommend storing any user or password data in the registry because any hacker can easily gain access to the registry and once he does that it is only a matter of time before he cracks the encryption algorithm and gains access to the user names and passwords.

You have to know which security level you want to give your application. If your application needs the highest security level, the comment of johnny6 must be applied.

Otherwise, if your application's security level is not so high, a simple encryption of the user name and password is needed. You can store these fields in a file or in the registry.

And you must know something: when something is encrypted, it can always be cracked...

I can give you some easy encryption algorithm if you want.


I'd have to agree with Johnny as well... it definitely is tougher to crack a database. I made my suggestion based on a "let's keep a nosy Nellie from seeing what we have here" type of security concern. If you are out to keep absolutely ANYONE from seeing this information... first off... can't be done. Whatever you come up with, there is always going to be someone, somewhere that can undo it. But in the real world, of non-military, post cold war applications, you probably should be alright with a simple encryption and if you feel that the registry isn't secure enough, then a database file.

Of course, the table could pose a problem insomuch as:
1. It is portable... someone could copy it and take it with them, affording them more time to hack into it. Registry can be dumped, too... but is a lot more information to muddle through.
2. Tables can become corrupted. Again, the registry is not immune to this, either, but it is a far rarer occasion that the registry becomes corrupted than a flat file.
3. Writing to and reading from the registry requires no database engine, meaning that you will never run into any version conflicts, etc.

Food for thought... Good luck!


ASKER

Hmm, guyz, this might seem dumb, but I am not show how I am supposed to encrypt the information. Any idea?

Sorry, it's 'sure' instead of 'show' in the above comment.

ASKER CERTIFIED SOLUTION
DrDelphi

This solution is only available to members.
Thanks to everybody who contributed to this subject. I ought to learn more about encryption.