Jump to content
Sign in to follow this  
motionman95

Secure location to store this info?

Recommended Posts

motionman95

I'm building an app that will upload files to a server. Currently, however when the user inputs their info (username, password, etc) I need to have a secure place to store them on the PC. I wouldn't won't the wrong type of people of virus prying into it.

Thanks!


Share this post


Link to post
Share on other sites
SpookMeister

You can use _StringEncrypt to do a decent job of obfuscating the information, either write the encrypted info to an .ini file, or the registry depending on which is more appropriate to your application.

Tip: Don't call the entries username / password or whatever, use names like data1 data2 etc instead... won't fool everyone, but it adds another small level of "protection"... if you want true security... dont store the information at all, make the user input it every time.

Edited by SpookMeister

[u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]

Share this post


Link to post
Share on other sites
Xand3r

You can use _StringEncrypt to do a decent job of obfuscating the information, either write the encrypted info to an .ini file, or the registry depending on which is more appropriate to your application.

Tip: Don't call the entries username / password or whatever, use names like data1 data2 etc instead... won't fool everyone, but it adds another small level of "protection"... if you want true security... dont store the information at all, make the user input it every time.

like that is safe..

the safest way possible is not to store the password or an encrypted form of the password... and even writing it down every time isn't very safe

what you should do is.. remember the username either encrypted or not and a hash of the password (not oly the password though... something like hash($password&$username) ) oh and the part about data1,data2 is a good ideea :)


Only two things are infinite, the universe and human stupidity, and i'm not sure about the former -Alber EinsteinPractice makes perfect! but nobody's perfect so why practice at all?http://forum.ambrozie.ro

Share this post


Link to post
Share on other sites
SpookMeister

like that is safe..

I don't think I said it was safe... it is just better than storing non-encrypted data of that nature.

@OP If you store the info anywhere on the system, then it is something that someone else can monitor. If you must store the information, then the best you can do is disguise it as best you can. Personally I think that the _StringEncrypt method is effective enough for most situations. If you are talking government security, or high level business secrets then frankly you should already have better methods available to you.


[u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]

Share this post


Link to post
Share on other sites
motionman95

Well, looks like I'll be using _StringEncrypt!


Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×