tags:

views:

412

answers:

0
Q: 

Silverlight + WCF Service with custom username/password

Hi,

We have a WCF service with custom username/password authentication. The service runs over SSL.

On our existing WPF application we pass the username and password combination to the service every time it is called (i.e. we don't have any sessions with the service). The credentials are stored in memory on the client application.

Now we are looking at using Silverlight, and I'm thinking that storing the credentials in memory are going to pose a security risk.

What is the recommended advice for storing credentials when using a custom username/password service?

Thanks in advance Matt

related questions

What are some good security questions?
What's a good alternative to security questions?
Protect embedded password
How do you generate passwords?
Should I impose a maximum length on passwords?
How best to generate a random string in Ruby
What is the best way to check the strength of a password?
In a client-server application: How to send to the DB the user's application password?
How does your company manage credentials?
Replacing plain text password for app
How to implement password protection for individual files?
Password generation, best practice
Unique key generation
Generating Random Passwords
Oracle lost sysdba password
How does one decrypt a PDF with an owner password, but no user password?
Storing Windows passwords.
How do I avoid having the database password stored in plaintext in sourcecode?
How do I write Firefox add-on that automatically enters proxy passwords?
How to store passwords in Winforms application?
Two-way password encryption without ssl
Disable browser 'Save Password' functionality
Simple password encryption
Best way to store a database password in a startup script / config file?
Encrypting Passwords