Monday, October 7, 2013

Do you save login password in Keystore?

I don’t know the real use of a Keystore. But I do know it is a file created using keytool, provided by the JDK. What I’m concerned about is: do you keep the username and credentials of a web application in a keystore? The feedback I got from the forum is that this is not encouraged, because a Keystore is a file, and keeping this file somewhere else will create additional vulnerabilities.

