473,778 Members | 5,590 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Storing username and password

Hi, I am looking for a bit of advice.

I have an application that can be installed on users home PC's that
authenticates to a windows domain server over a VPN. Once authenticated
against the Active directory I need to reuse the inputted information over
and over and again for various database tasks (using windows authtication).

What is the best and most secure way to store the username and password for
re-use? I have considered hashing it and storing in a file in the
application directory, is this secure and advisable? Any suggestion woul be
much appreciated.

Thanks

Steve.
Nov 21 '05 #1
2 1634
Hello Steve ,,,

I would not recommend the aproach of saving the file in the application
directory,
i believe it would be better to save the file in a user context directory
i.o.w. X:\Documents and Settings\userna me\yousubdir\us pa.encryptedfil e

in this way only the user , who knows his own username and password :-) ,,,
and the systems administrator can access the file

i would use a secure encryption method ( like rijndael / DES )

Regards

Michel Posseth


"Steve Lloyd" <st************ ****@livenowpay later.co.uk> wrote in message
news:uz******** ******@TK2MSFTN GP10.phx.gbl...
Hi, I am looking for a bit of advice.

I have an application that can be installed on users home PC's that
authenticates to a windows domain server over a VPN. Once authenticated
against the Active directory I need to reuse the inputted information over
and over and again for various database tasks (using windows
authtication).

What is the best and most secure way to store the username and password
for re-use? I have considered hashing it and storing in a file in the
application directory, is this secure and advisable? Any suggestion woul
be much appreciated.

Thanks

Steve.

Nov 21 '05 #2
i think you could create a (net, windows, generic) credential data type, and
walk with this...
--
Salute by the First Time!
"Steve Lloyd" wrote:
Hi, I am looking for a bit of advice.

I have an application that can be installed on users home PC's that
authenticates to a windows domain server over a VPN. Once authenticated
against the Active directory I need to reuse the inputted information over
and over and again for various database tasks (using windows authtication).

What is the best and most secure way to store the username and password for
re-use? I have considered hashing it and storing in a file in the
application directory, is this secure and advisable? Any suggestion woul be
much appreciated.

Thanks

Steve.

Nov 21 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
6976
Connecting to MySQL without storing password in clear text
by: Bob | last post by:
Hi, I have a website in a Linux/Apache shared hosting environment and have been given access to the MySQL server running on the same machine. To access this database from PHP, I have to call mysql_connect(host, user, password) where the password is hardcoded into my PHP source file in clear text. I see two security problems with this:
PHP
3
1801
Storing input values as variables?
by: Antoni | last post by:
Hello, I wondered if anyone could advise? I am trying to write a basic script, which allows user's to enter there username, password in text fields. Then we take these values and pass them to the method login_user($userid, $password); I was unsure how to take the text fields values, and store them in variables, when the submit button is clicked?
PHP
2
1416
Password Storing Standard
by: Kit Truong | last post by:
Hello, When I'm creating database driven asp applications, I store my constants, including my connection string to the database within an asp file called constants.asp. All constants are stored inside asp coding <% ... %> so people can't save the data through the web. I've been told this is an insecure way of storing the connect string becuase my connect string would also store the username and password to connect to the db.
ASP / Active Server Pages
0
2394
Linked table password storing
by: ericellsworth | last post by:
Hi all, I'm wondering if there's a way to remove the password Access (2003) has stored for an ODBC linked table without quitting and reopening the application. I have a set of linked tables which I update with a user's password on login using tdf.Connect, thereby keeping them from having to use the linked table manager or see the ODBC connection dialog. When a user logs out, I set the connect string back to a generic connect string...
Microsoft Access / VBA
4
2097
Storing a user's password
by: Jefferson Cowart | last post by:
I'm writing a program for a college to use to allow students to register their computers for use on the network. Aside from a bunch of security related checks I would like the program to offer to store the users network username and password so when they access network servers they are not prompted for their username every time. I can do it manually through the user accounts control panel -> Advanced Tab -> "Manage Passwords" button, but...
C# / C Sharp
3
1451
Variable & storing
by: yop | last post by:
Hello I have an application, Login page, enter UserName & Password. Function in Users called GetUserDetails and checks the details and if they are valid calls a function to fill the following in the class component called Public Class UserDetails Public UserID As Integer
ASP.NET
5
1188
Storing Variable for use in different page
by: - Steve - | last post by:
I have a website that uses forms based authentication. In the logon.aspx page a user enters a username and password. It is then authenticated against Active Directory. After that point on any page in the directory I can access the username using HttpContext.Current.User.Identity.Name, but I can't figure out how to access the password in plain text. Back at the logon.aspx page if I could store the password that is submitted the...
ASP.NET
0
8329
Incorrect syntax near '-'.Must declare the scalar variable "@UserName
by: roamnet | last post by:
hi i created database file with .mdf extention ,sql server as a source and use grid view to display data there're no problem in data retrieve and display,but i want to edit it or insert new records there is an error "Incorrect syntax near '-'. Must declare the scalar variable "@UserName". I worked out in design view,code is automatically generated.Iam not able fix the error. Iam working with Visual Web Developer-2005 Express Edition
ASP.NET
13
12689
Storing Credentials in Application
by: =?Utf-8?B?QWRhbSBT?= | last post by:
I would like to know the best way to store credentials in a c# application. I am writing some administrative tools and will need to store username and password information for a domain account with elevated privileges. While I am sure this is not a "best practice" I have not come up with a way around this as not all users of the app will have the permissions on their accounts. Any advice on is most appreciated. Thanks --
C# / C Sharp
0
9629
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10298
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10127
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10069
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
1
7475
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6723
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5500
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4033
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3627
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us