> From: Discuss [mailto:[email protected]] On > Behalf Of Kent Borg > > My program already has to hope that its program files are secured by the > hosting OS, but at least if it isn't opening up a network port it stays > a rather contained problem.
Depends on a lot of stuff. What language? Running on a system you own, or deployed to someone else, etc? Normally, passwords that your app needs in order to connect to some other thing should be stored in a config file. Ideally, it should be an OS-encrypted store, for example in C# I would use ProtectedData. This encrypts the file on disk using a complex set of login stuff to derive a key specific to the logged in user - or in mono, the mono MRE generates random keys and stores them in a protected subdir in the users' home dir, so once again it's protected to the logged in user. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
