'How to securely store a user password in java for reuse throughout application

At the start of my Java application, I have the user enter his username and password. These credentials are stored in a ConnectionKey object which is used as the application makes queries to a web service. Each query requires a valid username and password. Also, these queries are performed throughout the entire life of the application.

Right now I am storing the user password as simply a String in the ConnectionKey. I know this is highly insecure, and I would like to make this more secure by some sort of encryption. However, I need to be able to retrieve the original user password in order to query this web service.

  • How can I securely store the user password, while still using this password throughout the application?

Thanks!

EDIT

ConnectionKey is simply a class like so:

class ConnectionKey {

    private final String user;
    private final String pass;
    private final String server;

    public ConnectionKey(String user, String pass, String server) {
         this.user = user;
         this.pass = pass;
         this.server = server;
    }

}


Solution 1:[1]

To begin with, I am sure that you read the following question on SO Why is char[] preferred over String for passwords? Which implies that if you have plain password, at least be it a char[] not String

Other than that, to securely store a user password, you should encrypt it with a well-known, well-tested (and usually one-way) encryption algorithm.

This maybe contradicts with what you asked and how you use ConnectionKey, but the problem is easy encrypt your password and change your api/methods where password is used.

For example, if you are trying to validate a ConnectionKey on the server side, change that method to work with encrypted passwords, that is, use the same encryption algorithm for the known password and compare it with the incoming encrypted one.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Community