On Tue, 10 May 2005, Mikey wrote:
> This is a broad question around the current practices and recommendation of
> what not to do when it comes to credentials used by applications to gain
> access to a resource or data stored elsewhere.
As you can guess similar questions were discussed countless number
of times on securityfocus :-) The usual practice is to create an
account for your program and store the `secret' in the file which is
readable only by that account owner.
> This is a broad question around the current practices and recommendation of
> what not to do when it comes to credentials used by applications to gain
> access to a resource or data stored elsewhere.
As you can guess similar questions were discussed countless number
of times on securityfocus :-) The usual practice is to create an
account for your program and store the `secret' in the file which is
readable only by that account owner.
--
Regards,
ASK
[ reply ]