My desktop application asks a user for proxy-server credentials to use it later. But what is the best way to store this secure information for further usage?
+1
A:
Ask user for master password and encrypt all credentials and other info related to that user with that password. Ask for this password once when this data is first requested (just like FireFox does with your site login/passes).
If you want to construct the system without master-password from user, you will have insecure one, because you will need to encrypt user data with some key, that will be stored inside your application, that is in turn can be reverse-engineered and the key can be extracted.
FractalizeR
2010-08-27 11:51:01
+2
A:
In Windows you can use CryptProtectData function to encrypt your data using account password, then store the encrypted data in registry or in config file. This way you won't need to ask for any password at all.
Eugene Mayevski 'EldoS Corp
2010-08-27 13:59:03
A:
Further to Eugene's comment, on Gnome-based systems like Ubuntu you can use GNOME Keyring to hold the information encrypted. On KDE you can use KWallet, the equivalent, and on Mac OS X you can use Keychain.
I would definitely look hard at using these OS facilities rather than writing my own. Unfortunately they each have different interfaces, but the API you have to use is not very complicated.
poolie
2010-09-02 06:06:38