I am making desktop application (allows refer to it as application) which utilizes database (mysql). More app's customers share one database user. Example : John and Mike application customers connect with DB as "dbuser", etc.

The issue is : How do you effectively save passwords for DB customers? (application users's pwds are saved in DB).

Possible solutions I discovered : 1. within the code - this really is really pretty stupid :D 2. within the text INI file - readable! 3. encoded in extern file - good, but need use of application.

You are able to store it within the INI file within the encoded format. That's easiest way IMHO. I stores connection string within the Application.config of .Internet application within the encoded format.


To edit connection string, I personally use another configuration value in AppSettings of Application.Config file CSEncryption="YNR"

if it's Y, connection string is encoded, decrypt and employ it.

if it's N, connection string isn't encoded, utilize it directly.

if it's R, connection string isn't encoded, secure it increase connection string and hang CSEncryption to 'Y' in Application.Config.

(application users's pwds are saved in DB).

Secure saved passwords using SHA1/SHA2 formula. This is actually the most used technique. I am not really a .Internet developer but I am confident they supply the function somewhere.

When user logs in, secure again the given password and compare it towards the saved one. If they're equal, allow the user sign in.