Password storage/retrieval for local network server

I have an application server, written in C++ and also uses REST API to serve requests. There is no database, just a simple service which returns if the content of request is valid.


The server is in a local network and only reachable there, has no internet connections, and only meant to serve request from the same local network.

Our solution

Now I want to secure the REST API with Basic Authentication, with one user only, and have no idea if this following method to store password is secure enough :

  1. The password will be passed as parameter on deployment
  2. The deployment will encrypt (with DES) the password with a key, store it in an environment variable, say PASSWORDENV, whereas the key will be hard-coded in the application code.
  3. When request comes, the application should read the HTTP headers for id and password, encrypts the password, and compares with PASSWORDENV


  1. The encryption key is hardcoded, but I dont know any other way else to verify the password
  2. Is there any security problem with our solution ?