This code will run successfully, but anyone with access to
config.properties can read the value of password and easily determine
that the value has been base 64 encoded. If a devious employee has
access to this information, they can use it to break into the system.
The following code reads a password from the registry and uses the
password to create a new network credential.
string value = regKey.GetValue(passKey).ToString();
This code will run successfully, but anyone who has access to the
registry key used to store the password can read the value of password.
If a devious employee has access to this information, they can use it to
break into the system.
Passwords should be encrypted with keys that are at least 128 bits in
length for adequate security.
Password management issues occur when a password is stored in plaintext in
an application's properties or configuration file. A programmer can attempt
to remedy the password management problem by obscuring the password with an
encoding function, such as base 64 encoding, but this effort does not
adequately protect the password.
The "crypt" family of functions uses weak cryptographic algorithms and
should be avoided. It may be present in some projects for