What is the best way to keep passwords configurable, without having them too easily available to the casual human reader?

by

I’m assuming you want to hide the passwords from casual observers. If they were evil, steely eyed observers with access to all the source code on one of the machines that connects, then they can get the password with a bit of reverse engineering.

Remember that you do not need to use the same protection for each different client. A few steps:-

  1. Create different database accounts for different systems that access your database
  2. Limit access on the database to only what they need using your inbuilt database GRANTs
  3. Store a triple DES (or whatever) key inside a password manager class on your database. Use this to decrypt an encrypted value in your properties file.

We have also considered having the application prompt for a pass-phrase on startup but have not implemented this as it seems like a pain and your operations staff then need to know the password. It’s probably less secure.

More Related Contents:

  1. Best way to store password in database [closed]
  2. Spring Security:password encoding in DB and in applicationContext
  3. How to login and authenticate to Postgresql after a fresh install?
  4. Normalization in database management system
  5. Database development mistakes made by application developers [closed]
  6. Copying PostgreSQL database to another server
  7. Surrogate vs. natural/business keys [closed]
  8. Do you use source control for your database items? [closed]
  9. database vs. flat files
  10. First name, middle name, last name. Why not Full Name?
  11. What are the design criteria for primary keys?
  12. Oracle (ORA-02270) : no matching unique or primary key for this column-list error
  13. How do I output the results of a HiveQL query to CSV?
  14. How can I avoid SQL injection attacks?
  15. What is the recommended way to delete a large number of items from DynamoDB?
  16. Supertype-subtype database design
  17. Storing time-series data, relational or non?
  18. Why should I use document based database instead of relational database?
  19. Good Free Alternative To MS Access [closed]
  20. SQLite insert speed slows as number of records increases due to an index
  21. What’s wrong with nullable columns in composite primary keys?
  22. wikidata get all properties with labels and values of an item
  23. Convert String ISO-8601 date to oracle’s timestamp datatype
  24. Are Cloud Firestore queries still case sensitive?
  25. How should you build your database from source control?
  26. Populating Spinner From SQLite Database Android
  27. List of standard lengths for database fields
  28. How to find SQLITE database file version
  29. Oracle: How do I convert hex to decimal in Oracle SQL?
  30. Pros/cons of document-based databases vs. relational databases

Leave a Comment