Secure text passwords in configuration

In web applications, you must store passwords somewhere, for example, to connect to the database. This is usually done in the configuration file in plain text.

I tried to make it more secure and saw Jasypt (www.jasypt.org), which allows you to encrypt these passwords. But you still need a key to decrypt them, which just moves the problem. Then I moved this key to the system environment variable so that it is at least outside the application. But I still think that does not change much?

How do other people solve this problem?

+8
java security
4 answers

Do not store production passwords in the configuration file inside the source code.

This will make anyone with access to the code a de facto administrator. Environment variables set on the production server are a good way. You can have the application get the value from there and have different values for different environments (dev, test, live). This allows, for example, the sysadmin to know the production passwords (they have access in any case; that is their job), without requiring developers to know them.

Works well in my experience.

+4

You must ask yourself the question: from whom do I want to protect the password?

As @Martin already said, the sysadmin will always have access, and they should, because they are the ones who support the system. You cannot hide anything from the server administrator.

So, I would go with the configuration files. Anyone who sets up the database for your application will also set up the password (and username) for the database in the configuration file.

Just make sure that not everyone can read the configuration file. Restricting it so that only privileged users can read it is the best you can do.

+2

Do NOT use command line arguments to pass passwords to your application, as command line arguments may also be visible to non-admin users (depending on the operating system). If another user is allowed to list processes (e.g. ps, Task Manager, Process Manager), the arguments may appear there.

+2
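The three answers above (read the password from an environment variable, fall back to a configuration file that only privileged users can read, and never accept it on the command line) can be combined into one credential resolver. The following Java class is an added example written for this thread, not code from any of the answerers or from Jasypt; the variable name `APP_DB_PASSWORD`, the property key `db.password` and the path `/etc/myapp/db.properties` are assumed names chosen for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.Properties;
import java.util.Set;

/**
 * Resolves the database password for the current environment.
 * Precedence: environment variable first, then a configuration file that is
 * readable only by its owner. Command-line arguments are never consulted,
 * because argv is visible to other users through the process list.
 */
public final class DbCredentials {

    /** Assumed variable name; set per environment (dev, test, live) by the sysadmin. */
    static final String ENV_VAR = "APP_DB_PASSWORD";

    /** Assumed property key inside the configuration file. */
    static final String FILE_KEY = "db.password";

    private DbCredentials() {}

    /** Returns the password as a char[] so the caller can wipe it after use. */
    public static char[] resolve(Path configFile) throws IOException {
        String fromEnv = System.getenv(ENV_VAR);
        if (fromEnv != null && !fromEnv.isEmpty()) {
            return fromEnv.toCharArray();
        }
        if (configFile != null && Files.isRegularFile(configFile)) {
            ensureOwnerOnly(configFile);
            Properties props = new Properties();
            try (InputStream in = Files.newInputStream(configFile)) {
                props.load(in);
            }
            String fromFile = props.getProperty(FILE_KEY);
            if (fromFile != null && !fromFile.isEmpty()) {
                return fromFile.toCharArray();
            }
        }
        throw new IllegalStateException("database password not configured: set "
                + ENV_VAR + " or " + FILE_KEY + " in " + configFile);
    }

    /**
     * Refuses a configuration file that group or others can read or write
     * (i.e. anything beyond chmod 600). On non-POSIX filesystems such as
     * Windows the check is skipped and the admin-configured ACLs are trusted.
     */
    static void ensureOwnerOnly(Path file) throws IOException {
        Set<PosixFilePermission> perms;
        try {
            perms = Files.getPosixFilePermissions(file);
        } catch (UnsupportedOperationException e) {
            return;
        }
        for (PosixFilePermission p : perms) {
            if (p != PosixFilePermission.OWNER_READ && p != PosixFilePermission.OWNER_WRITE) {
                throw new IllegalStateException(file
                        + " must be readable only by its owner (chmod 600); found " + perms);
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // args is deliberately ignored: a password passed on the command line
        // would show up in `ps` output for other users on the same host.
        char[] pw = resolve(Paths.get("/etc/myapp/db.properties")); // assumed path
        try {
            // Only report that a value was found; never log the value itself.
            System.out.println("database password resolved (" + pw.length + " chars)");
        } finally {
            Arrays.fill(pw, '\0'); // limit the lifetime of the secret in memory
        }
    }
}
```

Before deploying, the sysadmin sets `APP_DB_PASSWORD` in the service's environment (or writes the properties file and runs `chmod 600` on it); the application then starts with no secret in the source tree, and refuses to start at all if the file has been left world-readable.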

Agree with Martin. Saving passwords in environment variables is the best way to protect them from prying eyes.

This method is standard practice in Ruby on Rails applications, as you can see in the link below:

http://richonrails.com/articles/environment-variables-in-ruby-on-rails

+1
