Securing a password in source code?

Question

I have a password in my code which is needed to connect to a sftp server. Whats the best way to \"obfuscate\" or hide it in the code?

Thanks

Answer 1

There's not much you can do against someone who really wants your password. However, if this isn't a public app (intranet? in-house app or something) you could simply encrypt it using a symmetric encryption algorithm, or do something like base 64 encoding it. You could also run an obfuscator over your code to make it less obvious that there is a password in there somewhere.

Do you have another option? Raw SFTP access is kinda dangerous, maybe you can create some sort of proxy service in between, which only allows the specific actions your app requires. Storing the password for that service in your code is a not as risky as storing your SFTP password in your code.