Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Storing passwords locally.

Options
  • 16-11-2009 11:37am
    #1
    techguy
    Registered Users Posts: 2,234 ✭✭✭


    Hi,

    I'm currently working on a desktop client in VB.NET that interfaces with a http web service that accepts passwords in plaintext.

    My app will store user accounts to this service including passwords. Just wondering what's the best way to store passwords locally?

    I know this probably shouldn't be done at all, and if it is they should be hashed.

    So what are the options? I was thinking along the lines of an XML file or else the registry.

    Say I don't want to store the password in plaintext. What are my options?


Comments

  • Options
    #2
    Seth Brundle
    Moderators, Politics Moderators Posts: 39,850 Mod ✭✭✭✭Seth Brundle


    Can you not just use their windows identity?


  • Options
    #3
    techguy
    Registered Users Posts: 2,234 ✭✭✭techguy


    No, I doubt it..

    To do that wouldn't the username and password fot the web service have to be the same ??


  • Options
    #4
    Seth Brundle
    Moderators, Politics Moderators Posts: 39,850 Mod ✭✭✭✭Seth Brundle


    Sorry I understand it now.
    I would probably store is in the registry if only to restrict it from other users. I would also hash it!


  • Options
    #5
    techguy
    Registered Users Posts: 2,234 ✭✭✭techguy


    About hashing.. I was thinking of the same thing. It will need to be a reversible hash.

    I wonder can hash the password using some kind of unique system variable. Then I can reverse the hash by supplying the system variable.

    Do I have access to any system/windows install specific information that can be used to reverse the password that would tie the hash to that specific PC?


  • Options
    #6
    Ginger
    Registered Users Posts: 2,931 ✭✭✭Ginger


    You can use the ProtectSection method in your config file

    You can find more info on this http://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.protectsection.aspx

    The handy thing is when you encrypt your file sections like this you dont need to decrypt the file on the fly as the read function does it automagically.

    Because it uses the machine key of the machine to encrypt you need to encrypt on the machine before use.

    I did a post on this for the ASP.NET web.config here

    You can check the encryption of the section when you start the application and use the ProtectSection method


  • Advertisement
  • Options
    #7
    techguy
    Registered Users Posts: 2,234 ✭✭✭techguy


    Ginger wrote: »
    You can use the ProtectSection method in your config file

    You can find more info on this http://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.protectsection.aspx

    The handy thing is when you encrypt your file sections like this you dont need to decrypt the file on the fly as the read function does it automagically.

    Because it uses the machine key of the machine to encrypt you need to encrypt on the machine before use.

    I did a post on this for the ASP.NET web.config here

    You can check the encryption of the section when you start the application and use the ProtectSection method

    Thats looks exactly like what I need. I'll have a look later on.. Thanks for that..


Advertisement