Results 1 to 3 of 3

Thread: Secure way to store passwords in settings file

  1. #1
    Join Date
    Jun 2011
    Posts
    69
    Thanks
    13
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11

    Question Secure way to store passwords in settings file

    The title itself describes everything but let's mention that i want to store user database configuration [username/server/password], but how can i keep the db password safely ? should i encrypt it?
    I see the Amarok project also save the user's database password, but i couldn't figure it how!
    Thanks
    _updated_
    I found also storing passwords for use later, but i'm not sure it's pretty right way!
    Last edited by Alir3z4; 26th November 2011 at 21:54. Reason: updated contents
    ...یه مرد هیچوقت زمین نمیخوره

  2. #2
    Join Date
    Mar 2009
    Location
    Brisbane, Australia
    Posts
    7,729
    Thanks
    13
    Thanked 1,610 Times in 1,537 Posts
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11 Windows
    Wiki edits
    17

    Default Re: Secure way to store passwords in settings file

    If you need to be able to pass these passwords to other systems then you need to encrypt the data somehow. What degree of encryption is up to you. Using a master password that the user supplies is a reasonable option... but you cannot store the master password so you would have to prompt for it each time the program started. If you embed a master password in the program then it will protect from casual attempts to look at the password but not deliberate attempts.

    AFAICT Amarok uses the KDE Wallet to keep sensitive data. If that is your environment then that may be a reasonable option.

  3. The following user says thank you to ChrisW67 for this useful post:

    Alir3z4 (27th November 2011)

  4. #3
    Join Date
    Jun 2011
    Posts
    69
    Thanks
    13
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11

    Default Re: Secure way to store passwords in settings file

    Quote Originally Posted by ChrisW67 View Post
    AFAICT Amarok uses the KDE Wallet to keep sensitive data. If that is your environment then that may be a reasonable option.
    Yes, that's right, Amarok uses the KDE wallet
    but i think using master password isn't good deal, and this is just keeping user LOCAL db password
    Clementine music player which it's a fork of amarok also keeping user last.fm, magnatune user/pass in simple INI setting file.
    And i think it's better to keep those information in simple INI file for my project
    Last edited by Alir3z4; 27th November 2011 at 13:28. Reason: updated contents
    ...یه مرد هیچوقت زمین نمیخوره

Similar Threads

  1. Apply previous settings in QML file
    By amitpatel22 in forum Qt Programming
    Replies: 0
    Last Post: 9th August 2011, 10:36
  2. How to secure a file by password
    By miraks in forum Qt Programming
    Replies: 8
    Last Post: 22nd March 2011, 20:34
  3. Settings for a particular file
    By CCTeam in forum Qt Programming
    Replies: 5
    Last Post: 28th May 2010, 08:39
  4. How to link static libraries --- in .pro file settings?
    By jiapei100 in forum Qt Programming
    Replies: 1
    Last Post: 7th January 2010, 17:39
  5. XML vs file sotring settings
    By ^NyAw^ in forum Qt Programming
    Replies: 3
    Last Post: 7th May 2009, 17:13

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Digia, Qt and their respective logos are trademarks of Digia Plc in Finland and/or other countries worldwide.