Password Storing
-
Is there anything in Qt where we can store password at application level like in android we use "key chain" and in ios we use "key store". Is there anything like this in Qt where it can be secure and not accessible by others. Thank you in Advance :)
-
Hi and welcome to devnet,
No there's not as password management is outside of Qt's scope even though applications doing that can be built using Qt. You'll also have to distinguish between your OS password manager and application providing password management.
Interested in AI ? www.idiap.ch
Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct -
Hi and welcome to devnet,
No there's not as password management is outside of Qt's scope even though applications doing that can be built using Qt. You'll also have to distinguish between your OS password manager and application providing password management.
-
@SGaist thank you for reply 😊, can i do like this like take the user input ans hash it and save into database , it will be secure and right way ?
@Bhushan_Sure said in Password Storing:
it will be secure and right way ?
Nothing is secure. Everyone with access to the database can extract the hash and try to reconstruct the password from it.
You can only make it hard for them to do this:
- Use restricted access rights to read the data from database
- Use long passwords
- Use good hashing algorithm with salt
Disclaimer: I'm no security expert.
Qt has to stay free or it will die.
-
@Bhushan_Sure said in Password Storing:
it will be secure and right way ?
Nothing is secure. Everyone with access to the database can extract the hash and try to reconstruct the password from it.
You can only make it hard for them to do this:
- Use restricted access rights to read the data from database
- Use long passwords
- Use good hashing algorithm with salt
Disclaimer: I'm no security expert.
@aha_1980 ok thank you very much 😊😊, i will try this.
-
You can also use OpenSSL to encrypt the user password before saving to database (then you must make sure you keep your master password safe - or not saved at all, anywhere). Because, as I understand, you want to store the passwords and be able to read them back - if yes then storing a hash of the password alone will give you nothing (hashing functions are one-directional: you can't un-hash something and get the original string).
-
If you want a nice example on how to manage user password in a database, take a look at the Django project. It's in python but their default to hash user password is pretty good.
-
You can also use OpenSSL to encrypt the user password before saving to database (then you must make sure you keep your master password safe - or not saved at all, anywhere). Because, as I understand, you want to store the passwords and be able to read them back - if yes then storing a hash of the password alone will give you nothing (hashing functions are one-directional: you can't un-hash something and get the original string).
@sierdzio Thank You , I will try openssl also.
-
If you are trying store on android, I suggest you go the native way & use keystore in Android. That is the best to achieve.
Dheerendra
@Community Service
Certified Qt Specialist
http://www.pthinks.com -
If you are trying store on android, I suggest you go the native way & use keystore in Android. That is the best to achieve.
@dheerendra okay sir 😊😊
