  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1013
  • Last Modified:

Where should I store a password

Hi experts,

I have a client/server application which requires the user to log in. What I want to do is a "Remember me" functionality, so the user is not forced to log in every time he opens the application (the "real" credentials are stored in MS SQL Server).
The application is only used in a local network and based on WinForms.

I know most of you would say that a password should never be stored.
But where is the best place to store it?
Should I use the Windows credentials?
Should I store the credentials in an encrypted (config) file?

Thanks for your help
0
Arikael
Asked:
3 Solutions
 
angus_young_acdc Commented:
Couldn't you store it in a long term cache in AppData? Just encrypt it and make the file hidden?
0
 
Blomholm Commented:
You don't have to store the password itself.
You should hash it with a hash function like MD5 or SHA.
Then you can check the hash value of the submitted password against your stored hash value.
Found this article through a quick Google search:
http://www.csharpfriends.com/Articles/getArticle.aspx?articleID=344

0
 
Arikael (Author) Commented:
@Blomholm
When I said "store the password" I meant the encrypted or hashed password. Sorry for that :-)
But where would you store the password (hash)?

@angus_young_acdc
What do you mean by "long term cache"?
An encrypted text file?
0
Blomholm Commented:
I would go with a config file, or you could look into storing values in the Windows registry. I've never done that myself, but many applications do that for storing various small bits of information.
0
 
Anurag Thakur Commented:
I will go with a totally new concept of Isolated Storage for strong hashed passwords.
Isolated Storage in .NET to store application data - http://www.codeproject.com/KB/dotnet/IsolatedStorage.aspx
0
 
Arikael (Author) Commented:
Sorry for my late response.

So, three people answered and each with a different answer ;-)

Does anybody have further/other suggestions?
0
 
Anurag Thakur Commented:
My comment will be that it's not a good idea to store it in the registry, because just think of a scenario where the application is run under the credentials of a user who is not permitted to access the registry. How will he save the password?
0
 
Arikael (Author) Commented:
Thanks for your comments.
I split the points among all of you.
0
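
One way to combine two suggestions from this thread (encrypt the value, and keep it in per-user Isolated Storage), as an added example that is not code from any of the posters. It assumes Windows DPAPI (`ProtectedData`) as the encryption, which the thread does not name; the class name, file name, entropy label and sample secret are hypothetical.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography; // ProtectedData: reference System.Security
using System.Text;
// Added example. DPAPI is an assumption; the thread only says "encrypt it".
static class RememberMeStore
{
    // Hypothetical file name and entropy label chosen for this example.
    const string FileName = "rememberme.bin";
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp.RememberMe.v1");

    public static void Save(string secret)
    {
        // CurrentUser scope: only the same Windows account can decrypt the blob.
        byte[] blob = ProtectedData.Protect(Encoding.UTF8.GetBytes(secret), Entropy, DataProtectionScope.CurrentUser);
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var fs = new IsolatedStorageFileStream(FileName, FileMode.Create, store))
            fs.Write(blob, 0, blob.Length);
    }

    // Returns null when nothing is stored or the blob cannot be decrypted.
    public static string Load()
    {
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        {
            if (store.GetFileNames(FileName).Length == 0) return null;
            using (var fs = new IsolatedStorageFileStream(FileName, FileMode.Open, store))
            using (var ms = new MemoryStream())
            {
                fs.CopyTo(ms);
                try { return Encoding.UTF8.GetString(ProtectedData.Unprotect(ms.ToArray(), Entropy, DataProtectionScope.CurrentUser)); }
                catch (CryptographicException) { return null; }
            }
        }
    }

    public static void Forget() // call on logout or when "Remember me" is unticked
    {
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
            if (store.GetFileNames(FileName).Length > 0) store.DeleteFile(FileName);
    }

    static void Main() // round trip with a constructed sample value
    {
        Save("constructed-sample-secret");
        Console.WriteLine("loaded: " + Load());
        Forget();
    }
}
```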