How to effectively save database password in desktop application?

Question

I'm making desktop application (lets call it app) which uses database (mysql). More app's users share one database user. Example : John and Mike app users connect to DB as "dbuser", etc.

The problem is : How do I effectively save passwords for DB users? (app users's pwds are stored in DB).

Possible solutions I found : 1. in the code - this is actually pretty stupid :D 2. in the text INI file - easy to read! 3. encrypted in extern file - good, but need access to app.

Answer 1

(app users's pwds are stored in DB).

Encrypt stored passwords using SHA1/SHA2 algorithm. This is the most used technique. I'm not a .NET developer but I'm pretty sure that they provide the function somewhere.

When user logs in, encrypt again the given password and compare it to the stored one. If they are equal, let the user log in.

Answer 2

You can store it in the INI file in the encrypted format. That is best way IMHO. I stores connection string in the App.config of .NET application in the encrypted format.

EDIT:

To edit connection string, I use another configuration value in AppSettings of App.Config file CSEncryption="Y|N|R"

if it is Y, connection string is encrypted, decrypt and use it.

if it is N, connection string is not encrypted, use it directly.

if it is R, connection string is not encrypted, encrypt it and update connection string and set CSEncryption to 'Y' in App.Config.