I'm not exactly positive how to word this for the sake of the title so please forgive me. Also I can't seem to figure out how to even google this question, so I'm hoping that I can get a lead in the right direction.
Part of my software(VB.NET App) requires the ability to access/read/write a shared network folder. I have an option for the user to specify any credentials that might be needed to access said folder.
I want to store these credentials given in the SQL Server database as part of the config (I have a table which contains configuration).
My concern is that the password for the user account will be unencrpyted. Yet, if I encrypt the password the VB.NET App And/Or database will be unable to use the credentials for file i/o operations unless the Password is unencrypted before use.
I'm fishing for suggestions on how to better handle this situation.
SQL Server itself has means to store Windows credentials, see CREATE CREDENTIAL:
A credential is a record that contains the authentication information that is required to connect to a resource outside SQL Server. Most credentials include a Windows user and password.
But storing user credentials in the application, in any form, is always a bad idea. For one, they go out of sync when the user changes the password. Second, impersonating users to access resources is never the correct solution. The correct solution is to actually set up group membership and properly define access control lists on the resources.
The only correct scenarios for accessing resources are: