Information Security
Sergey Nalomenko, 2021-06-25 14:57:53

Best practices for storing logins/passwords/tokens?

Dear community, what are the best practices for storing user access (logins, passwords, tokens, etc.) that is used, for example, to access some remote API?

Configuration files are not suitable (because the user is a dynamic record in the database). Password hashing is also not suitable, since the passwords are later used for authentication in some remote API.

2 answer(s)
Saboteur, 2021-06-25
@saboteur_kiev

(because the user is a dynamic record in the database)

So keep it in the database.
Encrypt it with something like AES256CBC and store it as a base64 string.
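
An added example (not code from either answer) of keeping the encrypted credential in the user's database row as a base64 string. It uses AES-256-GCM instead of the CBC mode named in the answer, so a modified value fails to decrypt; the function names, the `userID` binding and the sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// newAEAD builds AES-256-GCM from a key that is kept outside the database.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, errors.New("need a 32-byte AES-256 key")
	}
	return cipher.NewGCM(block)
}

// Seal returns base64(nonce || ciphertext || tag); userID is authenticated, not stored.
func Seal(key []byte, userID string, secret []byte) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per record
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, secret, []byte(userID))), nil
}

// Open rejects a value that was modified or copied from another user's row.
func Open(key []byte, userID, stored string) ([]byte, error) {
	aead, err := newAEAD(key)
	raw, derr := base64.StdEncoding.DecodeString(stored)
	if err != nil || derr != nil || len(raw) < aead.NonceSize() {
		return nil, errors.New("malformed key or record")
	}
	return aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(userID))
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; never use a fixed key in practice
	row, _ := Seal(key, "user-42", []byte("constructed-api-token"))
	pt, err := Open(key, "user-42", row)
	fmt.Println(string(pt), err)
}
```

The key has to be stored somewhere other than the database that holds the ciphertext, otherwise a database dump exposes both.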

Roman Mirilaczvili, 2021-06-25
@2ord

It is recommended to use secret vaults like HashiCorp Vault, although this is not trivial:
https://habr.com/ru/post/306812/
https://habr.com/ru/post/536694/
