Secure Coding mailing list archives
Re: Java keystore password storage
From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 25 Apr 2005 20:42:52 +0100
john bart wrote:
Hello to all the list. I need some advice on where to store the keystore's password.
I don't know the Java functions you're asking about. Looks like it's decrypting a file? It's not possible to securely store the password. If a program can decrypt the file, then a program can decrypt the file. Unless you want to go for a very narrow definition of "securely store". Windows has a facility for "secured storage" that becomes accessible when the user logs in. It's used for storing sensitive information, like other passwords. It's theoretically good for protecting your info when the machine is off, or a different user is logged in. Ryan
Current thread:
- Java keystore password storage john bart (Apr 25)
- Re: Java keystore password storage Blue Boar (Apr 25)
- Re: Java keystore password storage Nash (Apr 25)
- RE: Java keystore password storage Chris Matthews (Apr 25)
- RE: Java keystore password storage David Crocker (Apr 25)
- Re: Java keystore password storage Edgar Danielyan (Apr 26)
- Re: Java keystore password storage Michael Silk (Apr 26)
- Re: Java keystore password storage Edgar Danielyan (Apr 26)
- Re: Java keystore password storage Edgar Danielyan (Apr 26)
- Re: Java keystore password storage Blue Boar (Apr 26)
- Re: Java keystore password storage ljknews (Apr 26)
- RE: Java keystore password storage Chris Matthews (Apr 26)
- Re: Java keystore password storage Nash (Apr 27)