Nathan Q

Reputation: 1902

Secure plain text passwords in configuration

In web applications you have to store somewhere the passwords used, for example, to connect to a database. This is mostly done in a configuration file in plain text.

I've been searching to make this more secure and saw Jasypt (www.jasypt.org) which makes it possible to encrypt these passwords. But you still need a key to decrypt these, which just moves the problem. Then I moved this key to a system environment variable so it's at least outside of the application. But I still think this doesn't really change a lot?

How do other people solve this problem?

Upvotes: 8

Views: 3053

Answers (4)

mschenk74

Reputation: 3591

Do NOT use commandline arguments to pass passwords to your application since the commandline arguments may be visible also to non-admin users (depending on the operating system). If another user is allowed to use process lists (e.g. ps, Taskmanager, ProcessManager) the arguments might appear there.

Upvotes: 2

Ortwin Angermeier

Reputation: 6203

You have to ask yourself the question: From whom do I want to protect the password?

As @Martin already said, the sysadmin will always have access, and he should, as he is the one maintaining the system. You cannot hide anything from the admin of a server.

So I would go with configuration files. The one who will set up the database for your application will also configure a password (and username) for the database in the configuration file.

Just make sure that not everyone can read the configuration file, so that only privileged users can read it; that is the best you can do.

Upvotes: 2
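The "only privileged users can read the file" advice above can be enforced by the application itself rather than left to whoever deploys it. The following is an added example, not code from the question or any answer: it loads database credentials from an INI file and refuses to start if the file is readable or writable by group or others (anything looser than `chmod 600`). The file name, section and key names are assumptions for the demonstration, and the permission check assumes a POSIX filesystem.

```python
import os
import stat
import tempfile
from configparser import ConfigParser

# Permission bits that must not be set on a file holding credentials:
# anything readable, writable or executable by group or others.
_TOO_PERMISSIVE = stat.S_IRWXG | stat.S_IRWXO


def config_file_is_private(path):
    """Return True only if path is a regular file with no group/other bits set."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    return (st.st_mode & _TOO_PERMISSIVE) == 0


def load_db_credentials(path):
    """Load [database] user/password from an INI file, refusing shared-readable files."""
    if not config_file_is_private(path):
        raise PermissionError(
            f"{path}: credentials file must be readable by its owner only (chmod 600)"
        )
    parser = ConfigParser()
    parser.read(path)
    section = parser["database"]  # assumed section and key names
    return {"user": section["user"], "password": section["password"]}


def write_demo_config(path, mode):
    """Write a constructed sample config (hypothetical credentials) with the given mode."""
    with open(path, "w") as fh:
        fh.write("[database]\nuser = appuser\npassword = example-not-a-real-secret\n")
    os.chmod(path, mode)


def demo():
    """Write the same config twice, once 0600 and once 0644, and try to load each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        private = os.path.join(tmp, "app-private.ini")
        write_demo_config(private, 0o600)
        results["private"] = load_db_credentials(private)["user"]

        shared = os.path.join(tmp, "app-shared.ini")
        write_demo_config(shared, 0o644)
        try:
            load_db_credentials(shared)
            results["shared"] = "loaded"
        except PermissionError:
            results["shared"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

Failing closed at startup turns a silent misconfiguration (a world-readable credentials file) into a visible deployment error, which is where you want it to surface.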

kreizlie

Reputation: 11

Agree with Martin. To store passwords in environment variables is the best way to protect them from prying eyes.

This method has been a standard practice in Ruby on Rails applications, as you can see at the link below:

http://richonrails.com/articles/environment-variables-in-ruby-on-rails

Upvotes: 1

Martin

Reputation: 7723

Don't store production passwords in a config file inside your source code.

This would make any person with access to the code a de facto admin. Environment variables set on the production server are a good way to go. You can have the app retrieve the value from there, and have different values for different environments (dev, test, live). This allows, for instance, the sysadmin to know the production passwords (they have access anyway, it's their job) without requiring the developers to know them.

Works pretty well in my experience.

Upvotes: 4
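As an added example (not code from this answer or the question), this is how the environment-variable approach described above looks in practice: the application takes the database password only from `DB_PASSWORD`, selects the deployment environment via `APP_ENV`, has no hard-coded fallback secret, removes the variable from its own environment once read so child processes do not inherit it, and never logs the value. The variable names are assumptions for the demonstration.

```python
import os


class MissingSecretError(RuntimeError):
    """Raised when a required credential is absent from the environment."""


def load_db_config(environ=None):
    """Build database settings from environment variables only.

    APP_ENV picks the deployment environment (dev/test/live). The password
    must come from DB_PASSWORD and has no default, so a server missing the
    variable fails to start instead of silently using a secret that also
    lives in the source tree. Variable names are assumed for this example.
    """
    env = os.environ if environ is None else environ
    app_env = env.get("APP_ENV", "dev")
    if app_env not in ("dev", "test", "live"):
        raise ValueError(f"unknown APP_ENV {app_env!r}")

    # pop() rather than get(): once the process has the value, the variable
    # is no longer exposed to subprocesses that inherit this environment.
    password = env.pop("DB_PASSWORD", None)
    if not password:
        raise MissingSecretError(f"DB_PASSWORD is not set for environment {app_env}")

    return {
        "environment": app_env,
        "host": env.get("DB_HOST", "localhost"),
        "user": env.get("DB_USER", "app"),
        "password": password,
    }


def redacted(config):
    """Copy of the config that is safe to log: the password is masked, not printed."""
    return {k: ("***" if k == "password" else v) for k, v in config.items()}


def demo():
    """Constructed environment standing in for what a sysadmin sets on the server."""
    fake_env = {"APP_ENV": "live", "DB_USER": "svc", "DB_PASSWORD": "constructed-secret"}
    config = load_db_config(fake_env)
    return redacted(config), "DB_PASSWORD" in fake_env


if __name__ == "__main__":
    print(demo())
```

Reading the secret once at startup and keeping only a redacted view for logging keeps the developers' and the sysadmin's knowledge separate the way the answer describes: developers see the variable name in the code, operators set its value on the server.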
