Hello Everyone,

I have developed a DBMS and I want to store the credentials for server, and user name securely so that the users don't have to enter the password to the database EVERY time they start the software. My question is, how would I go about doing this? I first thought of tokens, but rejected that idea. And the other idea was to encrypt the information, then thought against it -- and finally it was either plain-text (which I don't want to do) or my.settings.

Does anyone have any suggestions or tutorials regarding this?


Remember I may not duplicate prior thoughts at https://www.google.com/search?&q=security+vs+ease+of+use as that would be duplicating the past thoughts and in your reach.

You say you wrote this app so where in the requirements are the security goals outlined? If not there, what is the company's view on security? Do you work for Equifax?

You reveal there's a database. Does the data need securing?

the only information that is stored are the credentials to the users servers. nothing more. And, that will be encrypted. I need to look into the best method to do this as well.

The app is a small app I will be using in-house.

Whether i work for equifax or not, I don't think that's important. Do you work for the NSA?

I hope you understand why I asked these questions. Sorry, no, didn't work for the NSA but can reveal I worked for defense companies for years.

I see the SANS article is noted so there's a nice treatise to use.

So where does that leave you? I think it means you get to choose how secure your app and data is.