views: 389
answers: 4

Hi!

A user types a specific username and password, and that username and password are converted in the program to something else! But... that password is in plain text in my program, in the source code. Is that safe? Can people somehow get that out? What can I do to prevent that? Can people somehow decompile my program and read that password?

Just curious!

Thank you!

+21  A: 

No, it is not safe.

Yes, it is very easy to retrieve it using Reflector.

If you are in a Domain, then using Windows Authentication is suggested.

Mitch Wheat
"No precious. Not very nice at all." At the very least encrypt the password, and store that. I normally store the base64-encoded version of the encrypted password as a string constant.
Ian Boyd
+1 for avoiding the whole problem in the first place by using Windows Authentication.
Dan
A: 

No, as already answered, the source can be disassembled with Reflector or ildasm.

If you must keep the credentials in the source code then consider using hash encryption.

cxfx
How would you still accomplish that with hash encryption when the credentials are still hardcoded anyway?
Shawn Mclean
@Shawn you'd store the hard-coded hashed password in the source code, then to authenticate the user you'd hash their input credentials and compare them to the hard-coded hashed values.
cxfx
It would mean someone can't figure out the credentials by just looking at the source - they'd have to either reverse-engineer the hashing algorithm, or (the better way) just change the hashed credentials and recompile. If the user pwns the machine you're running on, you're not going to stop them.
Anon.
@Anon if it's a signed assembly, which it should be since this discussion is null and void if it isn't, then changing the .dll is rather difficult
Rune FS
No, it's really easy. Just edit whatever loads the assembly to remove the strong-name requirement.
Anon.
Or add the assembly to the skip-verification list. See the Reflexil plugin for Reflector.
unclepaul84
+2  A: 

You should never store any secret or sensitive data in code. EVER! Store it in a config file and lock the config file down to only trusted users.

Michael Howard-MSFT
Please elaborate why.
Hamish Grubijan
If you store sensitive data in code it can be easily reversed out. It's way too easy. Next, it's a support nightmare - I'm sure you really don't want to redeploy the app just because you need to update a string constant.
Michael Howard-MSFT
A: 

Do not store the password in plaintext.

If you can, do your authentication using operating system services.

If you can't do that (or don't want to), store the hash of the desired password, generated by a secure hash algorithm such as SHA. A hash function is what is called a "one-way function": given an input, it is easy to get an output, but given an output, it's very difficult, if not impossible, to get the input. When your program runs, have the user enter his password, compute the hash on the fly, and then compare the user's hash with the stored hash.

Hashing is a very easy way to go, and if you pick a good hash algorithm, it should be safe enough.

samoz
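A worked version of the hash-and-compare scheme that samoz and cxfx describe, as an added example that is not code from the thread, written in Python rather than .NET. The choice of salted PBKDF2-SHA256, the iteration count, the `make_stored_credential` / `verify_password` names and the embedded password are all my assumptions and constructed sample values:

```python
import hashlib
import hmac
import os

# The program embeds a salt plus a slow, salted hash of the password instead of
# the password itself; the user's input is hashed the same way at runtime and
# compared in constant time.

ITERATIONS = 200_000  # assumed work factor; tune for the hardware you deploy on


def make_stored_credential(password: str) -> str:
    """Run once, offline, when the password is chosen. Paste the returned string
    into the source (or better, a locked-down config file) instead of the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(entered: str, stored: str) -> bool:
    """Hash what the user typed with the stored salt and iteration count, then
    compare against the stored digest without leaking timing information."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", entered.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:  # malformed stored string (wrong field count, bad hex, ...)
        return False


# Constructed stand-in for the constant a real program would embed: the literal
# produced by make_stored_credential, never the plaintext password.
STORED_CREDENTIAL = make_stored_credential("constructed-example-password")

if __name__ == "__main__":
    print(verify_password("constructed-example-password", STORED_CREDENTIAL))  # True
    print(verify_password("wrong guess", STORED_CREDENTIAL))  # False
```

As Anon. points out above, this only protects the password's secrecy: someone who controls the binary can still replace the stored digest and recompile, so the thread's advice to prefer Windows Authentication or a locked-down config file still applies.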