I know that storing such sensitive data is a bad idea. But if the application asks for a password every time it starts, it will be annoying ... I know about OAuth, but it's the same thing - the user will be interrupted by the browser (or am I mistaken?) - this point is not clear to me). I know about symmetric cryptography. But how to safely store the key inside the application?
The question is simple. (but has two parts :-)
1) Is it possible to send a login / password pair not like plain text?
and
2) If not, then why should I think about security (in my application)?
If you find a spelling letter, feel free to tell me about it.
source
share