I am working on a project that uses the Exchange Web Services API on behalf of users. Although I can easily authenticate using a username, domain and password, I would have to store these credentials in plain text on the server. Is there a way to save some kind of authorization token, so I don't need to store usernames and passwords?
As an alternative, I am considering introducing a very rudimentary symmetric encryption scheme in which the user password will be encrypted using some static user knowledge. That is the simplest case, a hash of their username. Thus, the credentials, at least, are not made up of plain text, requiring them to reverse engineer the application.
source share