[OWASP-Security101] Storing of password in application config file
patrick_laverty at brown.edu
Thu Apr 5 14:03:33 UTC 2012
Just saw a presentation about this at AppSecDC.
On Tue, Apr 3, 2012 at 9:57 AM, Wei Chea Ang <weichea at gmail.com> wrote:
> Hi all,
> What is the recommended way of storing a password in an application config file?
> Is it recommended to store the hash value or the encrypted value of
> the password?
> Will the application be vulnerable to a pass-the-hash attack if the application
> authenticates by comparing the hash value?
> Thank you.
> Best Regards,
> Wei Chea