this post was submitted on 02 Aug 2023
9 points (100.0% liked)
Ask Experienced Devs
1064 readers
1 users here now
Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think most applications store it in plain text, but makes sure the file is only readable by the current user. This way, we rely on the protection of the OS, instead of doing it ourselves. (I'm not a desktop app developer, so I might be completely wrong, but I think this is what e.g. Firefox does).
Yeah it's not too rare to store passwords in config files (e.g
~/.config/appname/config.json
) usually at least base64 encoded to support special characters. It is usually better to try and store a token instead as they can be revoked or expired. If you have to store a password it might be fun to look into storing it in the system keychain, at least for macos or Linux, not sure if Windows has a keychain.