Storing credentials

From OWASP

Status: This article is in progress

Normally an application stores credentials in a database (RDBMS, LDAP directory, etc.) so that they can be used later by functionality such as login procedures, data verification, etc. Note that "used later" does not mean the secret itself must be retrievable: a login procedure only needs to check a presented password against a stored verifier (a salted, slow hash), and the plaintext password should never be stored at all. By storing credentials we mean not only usernames and passwords but also any related information that attackers might exploit in one way or another. Examples of such credentials include:

  • Username and passwords
  • Credit card information
  • Billing and shipping addresses
  • Medical records and/or history
  • Contact information - e-mail, telephone numbers, mobile numbers, etc.
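The login procedure mentioned above, written as an added example (not code from the OWASP page): the only thing persisted for a password is a salted PBKDF2-HMAC-SHA256 verifier, and login recomputes and compares it instead of retrieving a secret. The algorithm, iteration count, record format and the in-memory `CREDENTIAL_STORE` standing in for the RDBMS/LDAP table are all assumptions of this example. The approach applies to passwords only; the other items in the list above (card data, medical records, contact details) must be retrievable by the application and therefore need encryption and access control rather than hashing.

```python
import hashlib
import hmac
import os

# Example parameters (assumptions for this illustration, not from the page).
# The iteration count should be tuned upward as hardware gets faster.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 310_000
SALT_BYTES = 16
KEY_BYTES = 32

# Constructed stand-in for the credentials table in an RDBMS or LDAP store.
# The value is the single string column the application would persist.
CREDENTIAL_STORE: dict[str, str] = {}


def _derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted key derivation; its output is the only thing ever stored."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def make_record(password: str) -> str:
    """Build the stored verifier as algorithm$iterations$salt_hex$key_hex.

    A fresh random salt per record means two users with the same password
    get different verifiers, and precomputed tables are useless.
    """
    salt = os.urandom(SALT_BYTES)
    key = _derive_key(password, salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${key.hex()}"


def parse_record(record: str) -> tuple[str, int, bytes, bytes]:
    """Split a stored record back into its components."""
    algorithm, iterations, salt_hex, key_hex = record.split("$")
    return algorithm, int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(key_hex)


def store_credential(username: str, password: str) -> None:
    """Persist a verifier for the user; the password itself is discarded."""
    CREDENTIAL_STORE[username] = make_record(password)


# Verifier for a user that does not exist, so that a failed lookup still
# costs one full derivation and response timing does not reveal valid usernames.
_DUMMY_RECORD = make_record(os.urandom(16).hex())


def verify_login(username: str, password: str) -> bool:
    """Login procedure: recompute the key from the stored salt and parameters
    and compare it in constant time. Nothing secret is retrieved from the
    store, because nothing secret was written to it."""
    record = CREDENTIAL_STORE.get(username)
    algorithm, iterations, salt, expected = parse_record(record or _DUMMY_RECORD)
    if algorithm != ALGORITHM:
        return False
    candidate = _derive_key(password, salt, iterations)
    return record is not None and hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    store_credential("alice", "correct horse battery staple")
    print(CREDENTIAL_STORE["alice"])
    print(verify_login("alice", "correct horse battery staple"))
    print(verify_login("alice", "Tr0ub4dor&3"))
    print(verify_login("mallory", "anything"))
```

Storing the algorithm and iteration count alongside the salt and key lets the application raise the work factor later: on a successful login it can re-derive the record with the new parameters without ever knowing the password in advance.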

Storing such data exposes the application to several security risks, including:

  • Loss of confidentiality (disclosure of passwords, card numbers or records to an attacker)
  • Privacy violation (misuse of personal data such as addresses, contact details and medical history)
  • Loss of data integrity (unauthorized modification of stored credentials or records)