I've been tasked with writing a module for my company to interface with an exte
Question
I've been tasked with writing a module for my company to interface with an external API. This API has a syntax similar to SSH where I have to incorporate the user details as well as the host address of the server I'm trying to connect to.
However, I run into the security issue that in order to pass the user details, I need to have them in plaintext. Even worse is the fact that these user details are actually the user details for the machine that the server is running on. Is there a smart way to accomplish this task without going overboard and using an external login server? I know there have been similar discussions where the conclusion "Don't do it" was reached, but in this case I really have no control over the way the API works.
Thanks!
Explanation / Answer
If you can't change the API, then you need to either store the password or ask for it from the user every time you need to make an API call.
Assuming that asking isn't practical, store the password encrypted. No, it won't stop a serious attacker, but it's better than nothing: storing the password in plaintext won't even stop a script kiddie.
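Added example, not part of the original answer: one way to store the password encrypted, using AES-256-GCM from the Go standard library. The function names `newAEAD`, `seal` and `open`, the `user@host` label and the sample credentials are assumptions made for illustration; the key is assumed to live apart from the ciphertext (its own 0600 file, an OS keyring or a secrets manager), since anyone who can read both recovers the password.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD builds AES-256-GCM from a 32-byte key that is stored apart from the blob.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts password and binds label ("user@host") so blobs cannot be swapped.
func seal(key []byte, label, password string) ([]byte, error) {
	gcm, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(password), []byte(label)), nil
}

// open reverses seal; it fails if the blob, the key or the label does not match.
func open(key []byte, label string, blob []byte) (string, error) {
	gcm, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	if n := gcm.NonceSize(); len(blob) >= n {
		pt, err := gcm.Open(nil, blob[:n], blob[n:], []byte(label))
		return string(pt), err
	}
	return "", fmt.Errorf("credential blob too short")
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // constructed demo key; in use, load it from its own store
	blob, _ := seal(key, "svc@host.example", "constructed-password")
	fmt.Println(open(key, "svc@host.example", blob))
}
```

Decrypt only at the moment of the API call and do not log or cache the result.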