Best practice for storing secured passwords in objects
Hi-
I have a need to store a password in an object property of a User object.
What would be best practice for data type assigned to the "Password" property and securing that password against prying eyes, both just browsing the global as well as via SQL? Better yet, how can I prevent a specific property from being projected to SQL?
Thanks
Product version: IRIS 2020.1
Do not store passwords at all. If you need to check passwords hash and salt them - there are enough functions in $System.Encryption to get by. The only exception is when you need credentials to auth against some external system, in that case
Also check Managed Key Encryption - from the docs:
___________
The best approach is not to store password at all. Still, there are several options:
Security.Datatype.Password
datatype implementation which returns***
instead of actual password value in ODBC context.Store only hashed passwords... that's all.