[Qt-interest] QT- Saving file name and passowrd
Konrad Rosenbaum
konrad at silmor.de
Sun Feb 8 09:16:13 CET 2009
Hi,
On Friday 06 February 2009, Ravi_Kalepalli wrote:
> Hi
> I am implementing the PhotoGallery application with a password protection
> for each folder. For example I have the following four folders in my
> Gallery
> Birthday
> Marriage
> Personal
> Sports
> I am appeneding the password for each folder in QFile. If the entered
> password is "abc", it will save the password as abcBirthday in my QFile.
Wow. From a security perspective this sounds horribly wrong.
For one: never store secret information in file names.
And then: what does the password protect? From what I'm reading the users
could easily go to that folder themselves, look at your file names and even
open the pictures in a different program. So why bother?
As for storing passwords: why not create a file inside the folder that
contains a hash of the password (see QCryptographicHash).
> What I want is, from next time whenever I am verifying the password,
> The entered password should read the entire QFile, and should check
> whether password is set for that folder or not. If already password
> entered, it should not allow setting the password.
I'm leaving this up to you - it is a very basic programming task. ;-)
Konrad
--
Note: I'm changing my PGP/GPG key soon! New KeyID: 723A6200
Fingerprint: B37C FA75 8C4C 6537 7954 CBC0 CB15 C991 723A 6200
Keyserver: wwwkeys.eu.pgp.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.qt-project.org/pipermail/qt-interest-old/attachments/20090208/7ba77b06/attachment.bin
More information about the Qt-interest-old
mailing list