[OWASP-Security101] Storing of password in application config file

Patrick Laverty patrick_laverty at brown.edu
Thu Apr 5 14:03:33 UTC 2012


Just saw a presentation about this at AppSecDC.

https://www.owasp.org/index.php/OWASP_Passw3rd_Project

https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Friends_dont_let_friends_store_passwords_in_source_code



On Tue, Apr 3, 2012 at 9:57 AM, Wei Chea Ang <weichea at gmail.com> wrote:
> Hi all,
>
> What is the recommended way of storing a password in an application config file?
>
> Is it recommended to store the hash value or the encrypted value of
> the password?
>
> Will the application be vulnerable to a pass-the-hash attack if the application
> authenticates by comparing the hash value?
>
> Thank you.
>
>
> --
> Best Regards,
> Wei Chea

