[OWASP-Security101] Storing of password in application config file

Wei Chea Ang weichea at gmail.com
Tue Apr 3 13:57:49 UTC 2012

Hi all,

What is the recommended way of storing a password in an application config file?

Is it recommended to store the hash value or the encrypted value of
the password?

Will the application be vulnerable to a pass-the-hash attack if the
application authenticates by comparing the hash value?

Thank you.

Best Regards,
Wei Chea
