Prevent programmers from knowing passwords used at runtime

Question

My application connects to an FTP server with a username and password. I can create an encryption routine to encrypt and decrypt the password, but anybody with access to the source code and the encrypted password can decrypt the password.

Is there an easy way to prevent every human being from knowing the entire password used by an application? (I think it's okay if multiple people know part of the password.)

EDIT: I know FTP is not secure. Ideally, I'd like a technique that would work in any situation where a username and password are required (e.g. a database connection).

Answer 1

No. All an app user has to do is sniff their own network traffic (easy to do with Wireshark or such).

You really need a way to give each user a unique token of some sort.

Edit - more info:

Any system that relies on "secret" login information that is the same for every copy of the application is flawed by design. In order to keep things secure, every install of your app must have a unique secret that it uses to authenticate with the server. How you accomplish that is dependent on how you license/distribute your app. Here is how I would do it. (Perform all communication over an SSL connection).

1. App is launched for the first time - it sees that it has no authentication information saved.
2. App prompts you for a registration code, email address and/or however you want to identify your users.
3. App generates a public/private keypair and submits the public key with your ID info from step 2 to the server.
4. Server remembers your key and uses it to identify your app from now on.

Alternate step 3 is: app submits info from step 2 and server sends back a hash signature of the info + salt. Hash signature is now your app's key.

The important thing is that there is no "secret" shared between all your users.

Answer 2

You can refer my old question and the answers here. How to store passwords in Winforms application?. But, looking forward to some other ideas too.

Answer 3

Shouldn't there be at least one person who has access to a password or the key? Our devs don't have access to production servers. That allows the systems guys, who are allowed to know the passwords, to set the passwords when they deploy the software.

Code the software to be configurable and then keep your devs out.