How to store user tokens?

V

VanKrock2015-07-28 20:54:42

Database

VanKrock, 2015-07-28 20:54:42

There are user tokens from social networks that are needed to work with social networks API, how to store them in the database? How to encrypt them?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry Entelis, 2015-07-28
@DmitriyEntelis

Encryption will not work. plaintext.
You need to understand that the main reason for encrypting user passwords in databases is not a potential risk "hoho we will merge the database, but the passwords will not be picked up" - but simply karmic responsibility, because the vast majority of people have the same passwords in different services and mail.
upd related question:
What is the best way to securely store critical variables?

W

Walt Disney, 2015-07-28
@ruFelix

You don't have to keep them.
The user gives access to your application with such and such id access to such and such data. Everything, until the user revokes rights from your application, he can use the application's access key to access what he has allowed you.
Above, we are talking about vk and fb applications, in standalone applications it is a little different, but the essence is the same.