"Remote Hands" and password security
Those who know, please point me in the right direction.
There is an idea to make a service that will automatically perform, without user intervention, certain actions on another, third-party site. Naturally, the third-party site requires authorization by login / password. There is no OAuth. That is, to enter the site, you always need a username / password combination. There is also a session key, which, in theory, can be obtained and stored instead of a login / password, but there is a chance that the key will become invalid. Then the user will have to "transition", which is not convenient. Also, it will be necessary to keep this key alive by constantly “pinging” the third-party service.
Actually the question is: how to organize all this as securely as possible, so that the user feels protected and secures himself as much as possible from theft of client passwords?
So far, I see only a variant with a cunning self-written encryption algorithm (or a “normal” algorithm with a salt hardcoded into the source) compiled into executable code, and the username / password is clearly encrypted in the database.
Once again I will clarify the scheme:
1. The user registers on my service, leaves (?) a login / password from a third-party service
2. The service itself (by cron) logs in for the user on a third-party service, performs actions, writes logs.
3. The client comes to my service, checks the logs.
Usually, how secure the user feels is not much dependent on how and what you encrypt - the user does not see it all. Protect against theft - yes, encryption, salt ...
And the third-party service, is it one fixed service?
If a third-party service does not support open authorization, then only a login with a password. You can of course do something convoluted, but usually the slightest change in the logic of the service, and you have to look for a new way to store data.
What are the recommendations for the encryption method? Say DES_ENCRYPT is fine?
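An added example, not part of the original thread and not any poster's code: one way to store the third-party login / password reversibly, using a standard authenticated cipher (AES-256-GCM from Go's standard library) with the key kept outside the database and each record bound to its account. The names `NewVault`, `Seal` and `Open`, the account IDs and the all-zero demo key are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewVault builds AES-256-GCM from a 32-byte key that is kept outside the
// database (assumption: supplied by the environment or a secret store).
func NewVault(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one third-party secret. accountID is authenticated as
// associated data, so a blob copied into another user's row will not open.
func Seal(v cipher.AEAD, accountID, secret string) (string, error) {
	nonce := make([]byte, v.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	blob := v.Seal(nonce, nonce, []byte(secret), []byte(accountID))
	return base64.StdEncoding.EncodeToString(blob), nil
}

// Open reverses Seal and fails on a wrong key, wrong account or tampering.
func Open(v cipher.AEAD, accountID, stored string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(stored)
	n := v.NonceSize()
	if err != nil || len(blob) < n {
		return "", errors.New("malformed record")
	}
	secret, err := v.Open(nil, blob[:n], blob[n:], []byte(accountID))
	return string(secret), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, not for real use
	v, _ := NewVault(key)
	rec, _ := Seal(v, "user-42", "alice:s3cret") // value for the DB column
	fmt.Println(Open(v, "user-42", rec))         // right row: decrypts
	fmt.Println(Open(v, "user-43", rec))         // other row: error
}
```

A database dump alone yields only the sealed blobs; the cron worker that logs in on the user's behalf is the only component that needs the key.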