Hi,
I know, I know, this subject is asked again and again, and now I ask it again because I am very doubtful how to proceed.
The case: An app which need access to a SQL server. The app is something like a recherche tool running at a public library. Port, user and password should be freely changeable by the library administrators, so
- storing the password inside the application: No (no change possible)!
- creating a login promt querying the password: No, because the app should be opened and closed freely by the strangers coming to the library and using the work terminal.
- Store an encryption master key inside the app and make a encrypted password file, which is read in by the app. Possible, because the file could be altered with a new password. And normally save, because not everybody can encrypt that file easily.
- Like the above only that the file is send through the "Fortune Server" (->see docs), so the port to Fortune Server could lay encrypted on the client site. More secure, since more knowledge is needed to break in.
So I lean towards the last solution or is there a better way to protect the password in my case? (The application is only running in the library intranet, so the security is a priori better than with a internet based app)
Suggestions, hints, anything is appreciated!
Thanks
Bookmarks