Hi,
I'm making a business PDA application which gets and sends data from and to an Axapta database.
For this i'm using SqlCE3.0
The problem I have now is that I have quite some bits that are sensetive information, namely the username/pass of the IIS folder where the SqlCE dll resides and the username/pass of the Axapta database.
if possible i'd like to store the passwords in a secure storage on the device, does this possibility exist
and if not, is it safe to store the key to decrypt/encrypt a password in code (I assume not, but where else if no secure storage exists)
Thanks in advance,
Ben.
Secure password storage
Ro0ke
Or you can ask user for a password on your application startup and authenticate on the server. Server can then issue temporary credentials for application to use which would be valid for a short period of time and would never be stored on device.
Neil_D_Jones
Not really, no. Even if you encrypt the password you’d need to store decryption key in clear text to decrypt it so anybody can find it and decrypt the password. Same problem is with “secure storage” – if you can retrieve stuff from it, anybody could. Consider asking user for a password.
c1t1z3n0
as this would have to be done everytime a sync or transaction is made this is not really feasable.
I'll try to limit the user rights and make that the security (the user they would use would be restricted to insert rights on 3 temp tables only)