PDA

View Full Version : Secure way to store passwords in settings file



Alir3z4
26th November 2011, 21:04
The title itself describes everything but let's mention that i want to store user database configuration [username/server/password], but how can i keep the db password safely ? should i encrypt it?
I see the Amarok (http://amarok.kde.org/) project also save the user's database password, but i couldn't figure it how!
Thanks
_updated_
I found also storing passwords for use later (http://www.qtforum.org/article/17974/storing-passwords-for-use-later.html), but i'm not sure it's pretty right way!

ChrisW67
27th November 2011, 08:03
If you need to be able to pass these passwords to other systems then you need to encrypt the data somehow. What degree of encryption is up to you. Using a master password that the user supplies is a reasonable option... but you cannot store the master password so you would have to prompt for it each time the program started. If you embed a master password in the program then it will protect from casual attempts to look at the password but not deliberate attempts.

AFAICT Amarok uses the KDE Wallet to keep sensitive data. If that is your environment then that may be a reasonable option.

Alir3z4
27th November 2011, 13:27
AFAICT Amarok uses the KDE Wallet to keep sensitive data. If that is your environment then that may be a reasonable option.
Yes, that's right, Amarok uses the KDE wallet :rolleyes:
but i think using master password isn't good deal, and this is just keeping user LOCAL db password
Clementine (http://www.clementine-player.org/) music player which it's a fork of amarok also keeping user last.fm, magnatune user/pass in simple INI setting file.
And i think it's better to keep those information in simple INI file for my project ;)