All geek questions in one place

Saving password source text

My web application stores external logins / passwords for interacting with them. To interact with these websites, I need to use the original password text, so saving the hash in my database will not work.

How to store these passwords?

Edit: It bothers me that someone is accessing my server. If I use some kind of two-way encryption and they have access to the server, then they can just check how the passwords are decrypted in my internal code.

+3
source share
5 answers

It seems to me that you want to store passwords in the same way as Firefox and Chrome. So why not see how they do it?

Here's how Chrome does it: http://www.switchonthecode.com/tutorials/how-google-chrome-stores-passwords

+3
source

If you MUST do this, you must use two-way encryption. There are many algorithms (ciphers) for this, but basically you encrypt your data with an encryption key and use the same key to decrypt it again.

Choosing the right cipher depends on which ones are supported by the programming language of your choice, but examples:

  • Blowfish
  • 3DES
  • striped

, , . , , . , .

/

+3

, . ( ): , , , - , - ..

-, , . , , - (, Firefox).

, , , TrueCrypt PGP WDE, Ubuntu, Debian Fedora, PIN- .

, .

+3

.

:

, .

, ():

, .

A)

  • .., .
  • , API. API , insertUserData, , API .
  • API , userData.
  • .
  • SSL .
  • , , chron, , . .
  • JOB, .
  • SSH/SCP IP, . , X/min .., .
  • FTP ..

B)

Worker, . - API, , . , ..

, , / .., //, .

+3

, . . , . , , -, ( ).

:

  • root-.
  • sudo.
  • - - .

, .

The EDIT: . Think about it, you can just save sensitive data directly in the key file. Encryption will provide an additional level of security, but it will not be a very strong layer; if an attacker gains access to a file, there is a chance that he also has access to the database.

+1
source

Source: https://habr.com/ru/post/1749871/

More articles:


All Articles