Return to Question

Context

When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another one is MySQL credentials.

Storing these plain text in the applications source code doesn't provide any true security since it isn't too much hassle to reverse engineer a program. Gathering the credentials from a server won't do the trick either since hackers easily can perform requests themselves. Neither will encryption of the stored credentials make any difference since the application will need access to the decryption key to be able to use the credentials at all.

Question

How can one store application specific credentials securely? Preferably cross-OS.

Note: The relevant language is Java, however, I believe (think) that this is a language unspecific question.

Context

When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another one is MySQL credentials.

Storing these plain text in the applications source code doesn't provide any true security since it isn't too much hassle to reverse engineer a program. Gathering the credentials from a server won't do the trick either since hackers easily can perform requests themselves. Neither will encryption of the stored credentials make any difference since the application will need access to the decryption key to be able to use the credentials at all.

Question

How can one store application specific credentials securely? Preferably cross-OS.

Note: The relevant language is Java, however, I believe (think) that this is a language agnostic question.

Context

When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another one is MySQL credentials.

Storing these plain text in the applications source code doesn't provide any true security since it isn't too much hassle to reverse engineer a program. Gathering the credentials from a server won't do the trick either since a hacker easily can do perform a request himself. Neither will encryption of the stored credentials does any difference since the application will need access to the decryption-key to be able to use the credentials at all.

Question

How can one store application specific credentials securely? Preferably cross-OS.

Note: The relevant language is Java, however, I believe (think) that this is a language unspecific question. Feel free to edit the tags if you disagree.

Context

When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another one is MySQL credentials.

Storing these plain text in the applications source code doesn't provide any true security since it isn't too much hassle to reverse engineer a program. Gathering the credentials from a server won't do the trick either since hackers easily can perform requests themselves. Neither will encryption of the stored credentials make any difference since the application will need access to the decryption key to be able to use the credentials at all.

Question

How can one store application specific credentials securely? Preferably cross-OS.

Note: The relevant language is Java, however, I believe (think) that this is a language unspecific question.

When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another one is MySQL credentials.

Storing these plain text in the applications source code doesn't provide any true security, since it isn't too much hassle to reverse engineer a program. Gathering the credentials from a server won't do the trick either, since a hacker easily can do perform a request himself. Neither will encryption of the stored credentials do any difference, since the application will need access to the decryption-key to be able to use the credentials at all.

How can one store application specific credentials securely? Preferably cross-OS.

(The relevant language is Java, however I believe (think) that this is a language unspecific question. Feel free to edit the tags if you disagree.)

Context

When developing desktop applications, you will occasionally have to store credentials somewhere to be able to authenticate your application. An example of this is a Facebook app ID + secret, another one is MySQL credentials.

Storing these plain text in the applications source code doesn't provide any true security since it isn't too much hassle to reverse engineer a program. Gathering the credentials from a server won't do the trick either since a hacker easily can do perform a request himself. Neither will encryption of the stored credentials does any difference since the application will need access to the decryption-key to be able to use the credentials at all.

Question

How can one store application specific credentials securely? Preferably cross-OS.

Note: The relevant language is Java, however, I believe (think) that this is a language unspecific question. Feel free to edit the tags if you disagree.