I've seen a few suggestions, but whether they are good ones depends upon information that you don't supply. Why is the config.file encrypted in the first place? What types of threats are you protecting against? Why does your unattended application need to access the file? Is there any potential location differences (application running on another PC)? etc. etc. You can see that there are a variety of solutions that might work, depending upon the answers to these questions. It is usually bad practice to have clear passwords on a hard-drive. So if you have to do it, the next step is to minimize the impact of the password being recovered. For example: use 2 config files, one as before and the new one only for the unattended application (with different passwords naturally). Regards, Michael McKay mmckayat_private -----Original Message----- From: pablo gietz [mailto:pablo.gietzat_private] Sent: Tuesday, July 29, 2003 11:14 AM To: secprog Subject: Password Hiding Hi all This is my first post, What can I do to hide a password that is used to encrypt-decrypt a config.file? . Where to save the password?. The program must run without user intervention and use this password to access that file. Language: Delphi Platform: windows Thanks -- Pablo A. C. Gietz Jefe de Seguridad Informática Nuevo Banco de Entre Ríos S.A. Te.: 0343 - 4201351 La información y archivos contenidos en este mensaje son confidenciales y para utilización exclusiva de los destinatarios consignados. Si Usted no reviste ese carácter, no se encuentra autorizado para divulgar, copiar,distribuir o retener todo o parte de la informacion y archivos, y deberá notificarlo de inmediato al remitente y eliminarlo de su sistema. Muchas gracias.
This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 08:54:58 PDT