I've had to implement an automated SFTP file transfer which requires a username and password.
Not wanting to leave the password in a text file / batch script for the world to stumble across, I've elected to store the username and password in a specific user's environment variables for safety reasons.
When the automated WinSCP script runs, it works as stipulated.
Now, naturally, any user with appropriate administrative permissions can edit the registry and find the credentials in there. While more secure than a standard batch file, I'm still not entirely happy about this.
What I want to know is whether or not there's a safer way to store sensitive variables than this, and whether there is a better approach others have thought of?