I am writing a simple database application. The program should get database information (host,name,user,pass) and store them for next uses. So I need to encrypt them and store encrypted information in a file. On the other hand I don't want to put any passwords in program code. My question is how should I store key for encryption algorithm in program? (the key used for encrypt database information)
Asked
Active
Viewed 201 times
0
-
are you able to use a trusted connection? – Daniel A. White Mar 18 '12 at 12:02
-
@Daniel No. How is that related to storing password? – sorush-r Mar 18 '12 at 12:04
-
possible duplicate: http://stackoverflow.com/questions/469267/ok-so-ive-encrypted-my-data-now-where-do-i-hide-the-key – Renato Mar 18 '12 at 12:10
2 Answers
3
Put the key in an external file and make sure the file permissions allow only the application user to access it.
Renato
- 12,940
- 3
- 54
- 85
-
If you change the file permissions in Windows (I think from Vista) I think that would have a similar effect.... no? – Renato Mar 18 '12 at 12:14
-
I have no experience with security in windows. I think it's better to embed password into executable, probably using resources... Thanks – sorush-r Mar 18 '12 at 12:18
0
You can use a Machine ID such as a CPU sn, but you won't e able to move te file to another system.
vy32
- 28,461
- 37
- 122
- 246