password-storage

Encryption of passwords on disk for open source desktop applications

Is it possible to store passwords on the local system (Windows XP) that can only be accessed by the application itself? My instinctive answer would be "no". Even if some kind of hashing or encryption is used I would think that as long as the source code is available then the determined seeker could always use this to retrieve the passwo...

Castle ActiveRecord / NHibernate - Password Encryption or Hashing

What is the proper way to work with Passwords you don't want to store in clear text in a database? What are my options in NHibernate / Castle ActiveRecord? UPDATE: I was interested in how others handle this with NHibernate / Castle ActiveRecord. And if there was anything built into NHibernate or Castle ActiveRecord. ...

How to not hardcode passwords?

In my last question "Portable database for storing secrets" the best answer until now tells me to use sqlite-crypt. Reading the sqlite-crypt docs, the new param for opening the database is the pass-phrase. Of course, I don't want to hardcode the password, so I was thinking: what is the best, simple and fast method to store that password? ...

Password storage in source control

We store all our application and db passwords in plain text in source control. We do this as our build/deploy process generates required configuration files and also does actual deploys that require these passwords (i.e. running sql against a database requires you to log on to the db using valid credentials). Has anyone had a similar need w...

Safely store credentials between website visits

I'm building a website which allows users to create accounts and access the site's content. I don't want users to log in each time they visit the site, so I'm planning on storing the username and password in a cookie -- however, I've heard this is bad practice, even if the password is hashed in the cookie. What "best practices" should I...

How should I ethically approach user password storage for later plaintext retrieval?

As I continue to build more and more websites and web applications I am often asked to store users' passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ pr...

How to store a user's password to another web application

I'm building a web application that shows users interesting visualizations of their Gmail activity (who they're emailing the most, etc). Obviously the user needs to give me his Gmail password to use the application, and I'm wondering how I should store it: Store the Gmail password in plaintext. Risky! Don't store the Gmail password at ...

Automated login and password storage

Hello, I wrote a simple PHP script to log into my mobile phone provider's website, check my balance, and send me an email if it's too low. I put the script on a distant server. It seems that I have to store my password as plaintext in the script to be able to send it to the login page. However, I am a little bit reluctant to do this......