Re: encrypting password
Lionel wrote:
Arne Vajh?j wrote:
Lionel wrote:
My application currently stores a user name and password using the
Preferences class. I assume this is stored somewhere in plain text,
either way it is insecure. How do I go about saving a password when
it is entered so that I don't have to ask for it later? The password
is used to access MySQL.
It is very difficult to both enable you rprogram to
read the password and prevent the user from reading
the password.
For client side apps it is often the best to gives users
individual passwords and have them enter it.
I was actually sort of thinking that might be the case. When I thought
about the problem I couldn't think how it would be possible. Maybe I
need to make it a little less user friendly by requiring them to enter a
password.
Lionel.
I am working on an LDAP administration client-side application which
provides various options for the administrator to authenticate through
the app back to the LDAP server. One is using Kerberos through Windows
XP but another is simply entering a username and password. I allow the
configuration to be saved to disk but I do not save the password in that
file. I always require the user to enter the password (after loading
their config data from the file) before they can connect to the LDAP
server. I also use a JPasswordField to mask the password but I do keep
it around in plaintext in the object that represents the configuration
settings.
hope that helps.