I'm working on C++ project that is supposed to run on both Win32 and Linux, the software is to be deployed to small computers, usually working in remote locations - each machine likely to contain it's own users/service-men pool.
Recently, our client has requested that we introduce access control via password protection.
We are to meet the following criteria :
I'm capable of meeting the "remote" requirements using an existing library, however what I do need to consider is a method of storing this data, preferably in a way that will work on both platforms and will not let the user see it/read it, encryption is not the issue here - it's the storage method itself.
Can anyone recommend a safe storage method that could help me meet those criteria?
EDIT
We're initially considering using a portable SQLite database, however what we are interested in, is limiting the access to the file with the data to users. How can we achieve that? (file not visible to the user, file cannot be opened manually by user etc.)
EDIT 2
Cheers for the responses flowing in so far, Can we focus on ways to limit the access to the file itself? Encryption is not the issue here. What we're looking for is a way to hide and or backup the file, and only permit the "MyApp.exe" to work with it.
So far we're also investigating Alternate NTFS Streams, however we're not sure if this will work on Linux
You could use a SQLite database. As it's just a file you can use standard file permissions to restrict access. e.g. chmod 600 foo.dbs will restrict access to the file so that only the owner can read/write to it.
Then as others have suggested you store a hashed password in the database and it'll be reasonably secure.
Rumour has it that there's a commercial version of SQLite available that encrypts the entire database file. However, this shouldn't be a substitute for storing hashed passwords, merely an addition to hashing.
edit: Here's the link to the commercial version of sqlite with support for encryption of the entire DB.