How to store a password?-Collection of common programming errors

12 years ago
admin
3 minutes

  • msdn I need to build a program that will require a password to open. This program will be something like storing other secret information.So now the problem is how to store the password that is required to open the program? I can encrypt and store the password in a file and check if the password is set or not each time the program starts, and ask for the password if the password is set. But then if someone deletes or edits the password file, then I’ll get into the problem of program not asking for the password or the password mismatch.So can anyone suggest me the better and secure way to store the master password required to open the program?IS there any professional level solution to this? I mean the method that is used by the commercial softwares.Thanks.

  • 8 Answers


  • msdn1

    hi, rabin

    It seems that you’d create a table in database to store the password information, or in other way store it in files as well.

    BR


  • msdn2

    hi, rabin

    It seems that you’d create a table in database to store the password information, or in other way store it in files as well.

    BR


  • msdn3 Hi,I had thought of using the windows registry. but it also has the same problems as the file has, doesn’t it?Besides, i can’t use a database, because i won’t have the database in every computer i want that program to run. So it doesn’t seem feasible, does it?Anyway thnx for ur answers.I am expecting better solutions.

  • msdn4

    hi, rabin

    If you use database you don’t have to install the database engine in all computers, instead, just install it in one computer as a server which manage the pwd information, and then other computer (client) just communicate with the server to validate the pwd.

    BR


  • msdn5

    you can have a fixed password at first and you can have it in your code. then user can change it. you can save the changed password in registry. if somebody delete the registry value you can report and ask for first password (we can call it serial number or production key instead of password) and let the user to change it and save a new value in registry again


  • msdn6

    hi, ashk1860

    If you put the password in the code, the security of the information is being challenged.

    BR


  • msdn7

    hi

    of course it’s not a good way and it have to be encoded but I think It’s better than saving it into the file. I beleve better way is to save it in database with hash algorithm but he don’t use database in his application.


  • msdn8

    Hi.

    Is there a way to add a manifest resource stream to an assembly at runtime? I think not, but this thread made me curious about it and just wanted to know for sure.

    If there is a way, then it would solve rabin’s issue.

    Regards,

    Fernando.