Password Control
Hi,
I have a simple WinForms app that uploads something to an SFTP server. I am trying to control the login to this SFTP properly but not sure how to both secure the password and still pass it in the connection string. I know about using DPAPI but that would not translate between machines when installing the app. Is there a way to safely store a password for decryption to use in this way? My best guess so far is to enter the password after install and use DPAPI to hash it. It's an extra install step I'd like to avoid if there's a better way.
2 Replies
you could make the user put in a password/decryption key to decrypt the encrypted password shipped with the app
no automatic way afaik, because if your program can do it with no intervention anyone who pokes at the code will be able to do it too
yeah that's kind of what I was feeling like. Anything I do that's reversible is....reversible. I might just add a step of entering the PW at install time and store the blob for use
Is it safe to store the blob in like properties.settings area? Then pull from there to decrypt?
Future explorers who stumble upon this, I just saved to a file to be decrypted later