Arikael

Where should I store a password

Hi experts,

I have a client/server application which requires the user to log in. What I want to do is a "Remember me" functionality, so the user is not forced to log in every time he opens the application (the "real" credentials are stored in MS SQL Server).
The application is only used in a local network and based on WinForms.

I know most of you would say that a password should never be stored.
But where is the best place to store it?
Should I use the Windows credentials?
Should I store the credentials in an encrypted (config) file?

Thanks for your help
SOLUTION
angus_young_acdc

This solution is only available to members.
Blomholm

You don't have to store the password itself.
You should hash it with a hash function like MD5 or SHA.
Then you can check the hash value of the submitted password against your stored hash value.
Found this article through a quick Google search:
http://www.csharpfriends.com/Articles/getArticle.aspx?articleID=344

Arikael

ASKER

@Blomholm
When I said "store the password" I meant the encrypted or hashed password. Sorry for that :-)
But where would you store the password (hash)?

@angus_young_acdc
What do you mean by "long term cache"?
An encrypted text file?
ASKER CERTIFIED SOLUTION
SOLUTION
Arikael

ASKER

Sorry for my late response.

So, three people answered and each with a different answer ;-)

Does anybody have further/other suggestions?

My comment will be that it's not a good idea to store it in a registry, because just think of a scenario where the application is run under the credentials of a user who is not permitted to access the registry. How will he save the password?
Arikael

ASKER

Thanks for your comments.
I split the points among all of you.