What is the best way to keep passwords configurable, without having them too easily available to the casual human reader?

passwords database

Solution 1:

I'm assuming you want to hide the passwords from casual observers. If they were evil, steely eyed observers with access to all the source code on one of the machines that connects, then they can get the password with a bit of reverse engineering.

Remember that you do not need to use the same protection for each different client. A few steps:-

  1. Create different database accounts for different systems that access your database
  2. Limit access on the database to only what they need using your inbuilt database GRANTs
  3. Store a triple DES (or whatever) key inside a password manager class on your database. Use this to decrypt an encrypted value in your properties file.

We have also considered having the application prompt for a pass-phrase on startup but have not implemented this as it seems like a pain and your operations staff then need to know the password. It's probably less secure.

Solution 2:

Let's assume the following common scenario:

  • You use the same code base for all environments and your code base has the database passwords for each environment.

  • The personnel (sysadmins, configuration managers) that have access to your production application server are allowed to know the production database passwords and no one else.

  • You don't want anyone with access to the source code to know what the production passwords are.

In a scenario like this, you can encrypt and store the production passwords in property files that your application. Within the application you can include a class that reads the passwords from the property file and decrypts it before passing it to the database driver. However, the key and the algorithm used to decrypt the password are not part of the source code but rather passed to the application as a system property at runtime. This decouples the knowledge of the key from the application source code and anyone with access to just the application source code will no longer be able to decrypt the password because they do not have access to the application's runtime environment (app server).

If you are using Java take a look at this for a more concrete example. The example uses Spring and Jasypt. I am confident that some thing like this can be extrapolated to other environments like .Net

Related

Pass a vector of variable names to arrange() in dplyr
Android O - Old start foreground service still working?
What is the meaning of ? (question mark) in a URL string?
NetworkStream.ReadAsync with a cancellation token never cancels
How to set encoding in .getJSON jQuery
C# Drag drop does not work on windows 7
How to disable touch input to all views except the top-most view?
Why is each public class in a separate file?
Could not load file or assembly 'Microsoft.ReportViewer.Common, Version=11.0.0.0
How to concatenate element-wise two lists in Python
Java: String concat vs StringBuilder - optimised, so what should I do?
Parse raw HTTP Headers