StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSafely storing passwords when access to the plaintext is still needed
primarykey
Id
5099855
data
AcceptedAnswerId
5106617
AnswerCount
2
ClosedDate
2011-02-25T06:04:45.323
CommentCount
7
CommunityOwnedDate
CreationDate
2011-02-24T02:54:53.340
FavoriteCount
8
LastActivityDate
2011-02-24T15:20:39.157
LastEditDate
2017-05-23T12:23:25.543
LastEditorUserId
-1
OwnerUserId
600618
ParentId
0
PostTypeId
1
Score
11
ViewCount
1837
LastEditorDisplayName
text
Body
<blockquote> Possible Duplicate: <a href="https://stackoverflow.com/questions/5089841/php-2-way-encryption-i-need-to-store-passwords-that-can-be-retrieved">PHP 2-way encryption: I need to store passwords that can be retrieved</a> </blockquote> I know that the best practice for storing user passwords is to store only an irreversible hash of the password. However, I am developing an application where I will need to store a user's login information for another web service -- I'll need to periodically log them in and perform some maintenance tasks. Unfortunately, the service doesn't offer authorization tokens so I (very apprehensively) have to store the passwords in a way that I can access their plain-text values. I don't own or control the service to which I am authenticating, and the only method is to 'borrow' a users username and password and authenticate. I am planning to AES_ENCRYPT the passwords in the DB, which means that if somebody is somehow able to access the DB they won't be able to get the plaintext. However my code will need to have access to the key to unencrypt them, thus if the entire server is compromised this is no protection and the passwords will be revealed. Aside from the above-described encryption, are there any best practices or steps I can take to do this as safely as possible? EDIT I know that whatever I do, ultimately the passwords must be accessible in plaintext and so a compromised server means the passwords will be revealed, but I am wondering what steps I can do to mitigate my risk. E.G. encrypting the DB protects me in the situation where the DB is compromised but not the entire server. Other similar mitigating steps would be much appreciated.
Tags
<security><encryption><passwords>
Title
Safely storing passwords when access to the plaintext is still needed
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USJesse Cohen
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTDuplicate
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POSafely storing passwords when access to the plaintext is still needed
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POSafely storing passwords when access to the plaintext is still needed
 UserUserId
 USSamuel Neff
 VoteTypeVoteTypeId
 VTFavorite
3. VO
 singulars
 PostPostId
 POSafely storing passwords when access to the plaintext is still needed
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.