My Project Idea and thoughts..

Question

0.00/5 (No votes)

See more:

Please read it and I am excited for comments and suggestions are welcomed.

After discussing with friends and knowledgeable people, I found that good project is that which is useful in real time applications. So I decided for to build a project named "Password Encryptor and Saver".
This comes from fact that many people forget there password of email accounts and various other accounts. So I decided to develop a software which will have MS access database and it will store these emails and passwords when users enter them in it.
But this might be vulnerable as if someone get access to database he can have all users id and password. To avoid that I will encrypt passwords using various encryption techniques and then store encrypted passwords in database. When user wants to retrieve passwords it will decrypt that password with key used to encrypt it.

Problems may arise are
1> Connectivity of MS Access database with my software.
2> Email id are known to lot of people so when other user enter another id he may get the password.

Solution come to my mind..
We may have to create two databases one for Login into software and other to store password in database. Once user register with software he may be given a pass(key) which he will enter at login time. This key will be stored with his entries in other database for reference..

Please send suggestions......

Posted 10-Jan-12 0:26am

CurrentlyBE

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

TorstenH. · Answer 1 · 2012-01-10T02:12:00

Solution 1

Don't use MS Access. That is no good at all - not to speak about security.

There is a native Database in Java called Derby. Check that one.

Benefit is to have that DB and all that is needed for the application to be build in. Also is the DB not accessible for any user.

Also should you encrypt the password String in the database, so if anyone manages to see the value, he's still not be able to figure it out.

Posted 10-Jan-12 2:12am

TorstenH.

Comments

CurrentlyBE 10-Jan-12 11:01am

Thanks for suggesting Derby. But I don't know how to link it with my program code.

TorstenH. 10-Jan-12 13:40pm

...quite similar to MS Access. Check the tutorials, it's not complicated at all. Would also be a big effort.

CurrentlyBE 11-Jan-12 6:00am

Is Derby more secured than MS Access...

fjdiewornncalwe · Answer 2 · 2012-01-10T05:01:00

Solution 2

Don't reinvent the wheel, but if you must then please take a look at how the KeePass team did it. That open source solution is the one that is actually widely used by people for this purpose. By examining the UI in this project, you may garner a much better understanding of what is involved in maintaining a user credential database.

Posted 10-Jan-12 5:01am

fjdiewornncalwe

Comments

CurrentlyBE 10-Jan-12 12:56pm

Well I really was not knowing such software exists. Now when it is there I need to build something extra. Can you tell me about its weakness on which I can work and make my software advantageous on some issue.

fjdiewornncalwe 10-Jan-12 14:12pm

Good luck with that. As an open source solution, I don't believe you can take their code, add something to it and submit it as your own either commercially or as a school project. That part is for you to figure out.

CurrentlyBE 11-Jan-12 5:57am

Yaa syerly I won't do copy paste but because I have not used KeePass software I don't know about its UI or any other things..

CurrentlyBE 11-Jan-12 5:59am

KeePass makes the database encryption only than the data stored in database. So if anyone could get access to database everything is gone..

fjdiewornncalwe 11-Jan-12 11:08am

That is the problem with any database. If someone can hack into a database server, then they can delete the data. Whether it is a file or server based datasource doesn't matter much at that point. That is what recurring backups are for. The real value of Keepass is that it encrypts the data in a reasonably secure way and does actually store the data in a good database format. The architects of KeePass could just as easily have ported the data writing to a database instead of a flat file without much modification at all to the source.

CurrentlyBE 12-Jan-12 7:48am

But I have read something like the data is stored as it is and database itself is made secured. But problem is when data is stored as it is in good format what if anyone get access to database. So it would be nice to store data in encrypted format and when required decrypt it.

fjdiewornncalwe 12-Jan-12 8:00am

KeePass does exactly that. All data is stored encrypted in a database file.

CurrentlyBE 12-Jan-12 12:45pm

Hence even if database is encrypted using AES and TwoFish encryption algorithms data stored are still vulnerable because they are in original form and hacker if gets to database will get it. KeePass unfortunately lacks there and must work on it..

CurrentlyBE 12-Jan-12 12:47pm

So I can store encrypted data in my database and will decrypt it whenever user want it. In this way when any hacker gets to database he will get the encrypted password and not original..