Password Storing
-
wrote on 22 Oct 2018, 10:55 last edited by
Is there anything in Qt where we can store password at application level like in android we use "key chain" and in ios we use "key store". Is there anything like this in Qt where it can be secure and not accessible by others. Thank you in Advance :)
-
Hi and welcome to devnet,
No there's not as password management is outside of Qt's scope even though applications doing that can be built using Qt. You'll also have to distinguish between your OS password manager and application providing password management.
-
Hi and welcome to devnet,
No there's not as password management is outside of Qt's scope even though applications doing that can be built using Qt. You'll also have to distinguish between your OS password manager and application providing password management.
wrote on 22 Oct 2018, 14:12 last edited by@SGaist thank you for reply 😊, can i do like this like take the user input ans hash it and save into database , it will be secure and right way ?
-
@SGaist thank you for reply 😊, can i do like this like take the user input ans hash it and save into database , it will be secure and right way ?
@Bhushan_Sure said in Password Storing:
it will be secure and right way ?
Nothing is secure. Everyone with access to the database can extract the hash and try to reconstruct the password from it.
You can only make it hard for them to do this:
- Use restricted access rights to read the data from database
- Use long passwords
- Use good hashing algorithm with salt
Disclaimer: I'm no security expert.
-
@Bhushan_Sure said in Password Storing:
it will be secure and right way ?
Nothing is secure. Everyone with access to the database can extract the hash and try to reconstruct the password from it.
You can only make it hard for them to do this:
- Use restricted access rights to read the data from database
- Use long passwords
- Use good hashing algorithm with salt
Disclaimer: I'm no security expert.
wrote on 22 Oct 2018, 14:38 last edited by@aha_1980 ok thank you very much 😊😊, i will try this.
-
You can also use OpenSSL to encrypt the user password before saving to database (then you must make sure you keep your master password safe - or not saved at all, anywhere). Because, as I understand, you want to store the passwords and be able to read them back - if yes then storing a hash of the password alone will give you nothing (hashing functions are one-directional: you can't un-hash something and get the original string).
-
If you want a nice example on how to manage user password in a database, take a look at the Django project. It's in python but their default to hash user password is pretty good.
-
You can also use OpenSSL to encrypt the user password before saving to database (then you must make sure you keep your master password safe - or not saved at all, anywhere). Because, as I understand, you want to store the passwords and be able to read them back - if yes then storing a hash of the password alone will give you nothing (hashing functions are one-directional: you can't un-hash something and get the original string).
wrote on 22 Oct 2018, 19:40 last edited by@sierdzio Thank You , I will try openssl also.
-
If you are trying store on android, I suggest you go the native way & use keystore in Android. That is the best to achieve.
-
If you are trying store on android, I suggest you go the native way & use keystore in Android. That is the best to achieve.
wrote on 23 Oct 2018, 07:40 last edited by@dheerendra okay sir 😊😊
5/10