[OWASP-Security101] Storing of password in application config file
Erki.Manniste at webmedia.ee
Wed Apr 4 08:36:01 UTC 2012
I was just reading about this here :
From: security101-bounces at lists.owasp.org [mailto:security101-bounces at lists.owasp.org] On Behalf Of Wei Chea Ang
Sent: Tuesday, April 03, 2012 4:58 PM
To: security101 at lists.owasp.org
Subject: [OWASP-Security101] Storing of password in application config file
What is the recommended way of storing password in an application config file?
Is it recommended to store the hash value or the encrypted value of the password?
Will application be vulnerable to pass the hash attack if application authenticate by comparing the hash value?
Security101 mailing list
Security101 at lists.owasp.org
List Run By OWASP
List Admin: Michael.Coates at owasp.org
More information about the Security101