How to store password used for web scraping?

608 views Asked by At

I'm creating a web app (MyApp) which depends on information from another web app (AnotherApp). Every user in MyApp will have a profile synced with his AnotherApp profile. Obviously I'll scrape the data from AnotherApp, but I don't know how to correctly (in means of security) store and use users' credentials from AnotherApp. I need the credentials to authorise before syncing the data with AnotherApp.

So how to do it without making my users' passwords vulnerable?

Update:

Here's the context: it's about a legacy student system used in my university which kinda sucks and I want to provide a better experience to the students. I want to provide better data visualisation and data organisation. Also to add social element. There is no API and stuff, because legacy. I'll provide more details if needed.

1

There are 1 answers

3
TheGreatContini On

You shouldn't be storing credentials of users for somebody else's system. This is the whole point of Oauth. Sure, you may think that you are a perfectly fine and honest person, but how are you going to respond about having student information on your app when it gets hacked? Such a scenario is not fiction. So I highly advise you to consult your university for permission to work on this before you go ahead with it, and then discuss with them how you want to get authorisation to sync your app with theirs. Any answer provided here that does not take into consideration the requirements of your university should not be followed.

Yes, I know, I didn't provide the answer you wanted, but for very good reason.