3

I need to save a user's login information in encrypted form for this application I'm building, but I'm not sure of the best place to save the file. I don't want to save it into the program application folder as I want it per user.

So what is the best folder (or way) to save it into?

Edit: Using C++.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Lodle
  • 31,277
  • 19
  • 64
  • 91

6 Answers6

3

Seems like C:\Documents and Settings\%username%\Local Settings\Application Data may be the appropriate place according to Wikipedia. The article says this location is used for "User-specific and computer-specific application settings".

Edit: Cruizer pointed out in the comments (I'd reply there but I can't comment yet) that in Vista it is C:\Users\%username% and that it shouldn't be hard-coded. Thanks.

Mark A. Nicolosi
  • 82,413
  • 11
  • 44
  • 46
  • 1
    Vista doesn't have C:\Documents and Settings\%username% --> it's in C:\Users\%username% by default, and it can be changed so the path shouldn't be hard-coded – cruizer Sep 29 '08 at 05:27
  • 3
    The proper way to get this folder is by calling: SHGetSpecialFolderPath(NULL, szPath, CSIDL_PERSONAL, false) – Bill Oct 21 '08 at 15:28
  • Ammendment to my comment. You need to use CSIDL_APPDATA. CSIDL_PERSONAL is for the users documents directory. – Bill Oct 21 '08 at 15:30
2

Use the Data Protection API (DPAPI) - a part of the CryptoAPI in XP and Vista. Here's a good overview of DPAPI - http://msdn.microsoft.com/en-us/library/ms995355.aspx

Franci Penov
  • 74,861
  • 18
  • 132
  • 169
1

Yeah, local application path looks like a winner.

I found this article in MSDN to get it in C++: http://msdn.microsoft.com/en-us/library/bb762494.aspx

Example:

char localAppPath[MAX_PATH];
SHGetFolderPath(NULL, CSIDL_LOCAL_APPDATA, NULL, SHGFP_TYPE_CURRENT, localAppPath);
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Lodle
  • 31,277
  • 19
  • 64
  • 91
  • You should not store user credentials in a plain file, even if encrypted. You should really keep these in the Data Protection storage. But it's your choice after all... :-) – Franci Penov Sep 29 '08 at 05:20
0

are you using .NET? how about IsolatedStorage? That way you wouldn't have to worry about the directory location, it'll just be there...

cruizer
  • 6,103
  • 2
  • 27
  • 34
  • You may need to take care that new versions/ installs of the application can still see your original isolated storage file. – FryHard Sep 29 '08 at 04:55
0

User information should always go in some sub directory in %HOMEDRIVE%%HOMEPATH% (Which maps to the users home directory). No exceptions. A good place for application specific settings per user is a sub directory inside %APPDATA%. This maps to: "%HOMEDRIVE%%HOMEPATH%\Application Data" on XP and to: " %HOMEDRIVE%%HOMEPATH%\AppData\Roaming" on Vista.

olle
  • 1,196
  • 7
  • 10
0

If you are using .NET to get special folders you can use

Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);

or

Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);

for the non-roaming version.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131