views:

1249

answers:

6

I need to save a users login information in encrypted form for this application im building but im not sure of the best place to save the file. I dont want to save it into the program apps folder as i want it per user.

So what is the best folder (or way) to save it into?

Edit: Using c++

A: 

are you using .NET? how about IsolatedStorage? That way you wouldn't have to worry about the directory location, it'll just be there...

cruizer
You may need to take care that new versions/ installs of the application can still see your original isolated storage file.
FryHard
+2  A: 

Use the Data Protection API (DPAPI) - a part of the CryptoAPI in XP and Vista. Here's a good overview of DPAPI - http://msdn.microsoft.com/en-us/library/ms995355.aspx

Franci Penov
+3  A: 

Seems like C:\Documents and Settings\%username%\Local Settings\Application Data may be the appropriate place according to Wikipedia. The article says this location is used for "User-specific and computer-specific application settings".

Edit: Cruizer pointed out in the comments (I'd reply there but I can't comment yet) that in Vista it is C:\Users\%username% and that it shouldn't be hard-coded. Thanks.

Mark A. Nicolosi
Vista doesn't have C:\Documents and Settings\%username% --> it's in C:\Users\%username% by default, and it can be changed so the path shouldn't be hard-coded
cruizer
The proper way to get this folder is by calling:SHGetSpecialFolderPath(NULL, szPath, CSIDL_PERSONAL, false)
Bill
Ammendment to my comment. You need to use CSIDL_APPDATA. CSIDL_PERSONAL is for the users documents directory.
Bill
A: 

User information should always go in some sub directory in %HOMEDRIVE%%HOMEPATH% (Which maps to the users home directory). No exceptions. A good place for application specific settings per user is a sub directory inside %APPDATA%. This maps to: "%HOMEDRIVE%%HOMEPATH%\Application Data" on XP and to: " %HOMEDRIVE%%HOMEPATH%\AppData\Roaming" on Vista.

olle
+1  A: 

Yeah local app path looks like a winer.

found this article in msdn to get it in c++: http://msdn.microsoft.com/en-us/library/bb762494.aspx

example:

char localAppPath[MAX_PATH];

SHGetFolderPath(NULL, CSIDL_LOCAL_APPDATA, NULL, SHGFP_TYPE_CURRENT, localAppPath);

Lodle
You should not store user credentials in a plain file, even if encrypted. You should really keep these in the Data Protection storage. But it's your choice after all... :-)
Franci Penov
A: 

if you are using .net to get special folders you can use

Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);

or

Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);

for the non roaming version.

tdyen