Secure storage of database credentials
- From: Michael Martinek <michael.martinek@xxxxxxxxx>
- Date: Tue, 06 Nov 2007 01:06:03 -0000
Greetings,
While researching options for secure storage of database credentials,
I'm finding that there aren't really any solutions available
"in-code". In essence, what I'm looking for is securely storing database
connectivity credentials. By "secure", I mean disallowing any ability
to view the credentials.
At first, I began developing a system that would take a full file
name, the MD5 hash of the file contents, and other basic data about
the file and add it to a database table. Then I wrote a key management
file that would take the file name, get the MD5 hash of that file, and
return a MySQL connection if those credentials were valid and the file
had never changed. These permissions were set up by a script that
would process a given file for entries like:
//@dbaccess <host>|<database>|<permissions>
$lnkSQL = new EB_KeyManagement(<host>, <database>);
//$lnkSQL should now be a MySQL link to the host/DB with the requested permissions
Then it would hash the file contents, and add it to a database table
with the full file name, content hash, the permissions, etc. It would
also create and set up a user with the requested permissions on the
host/database. The user and password would both be based on the file +
some random data.
This would allow for a senior developer or anyone to review the file
to see if a developer is trying to retrieve the username/password for
the database, before they actually "committed" the file and gave it
rights to retrieve data from the database. For the key manager to
retrieve from the database, it would use a username and password based
on the MD5 hash of itself, to ensure that no one had gone in and added
some code to echo the username and password before doing the actual
connection.
If -ANY- changes are made to the key management file (to echo a
username or password), then it will fail to connect to the database
because the MD5 hash of the contents is used in the username and
password. The flaw in this, of course, is that someone could just
create a new file and do an MD5 hash of the key manager file (since
it's open code), and connect to the database and retrieve the username
and passwords anyway. Perhaps one way around this would be to create a
procedure that retrieves the credentials, and adds an access entry so
that an administrator can review them.
The end goal that I'm looking for is to retrieve database credentials
in an environment where even a user can get a database connection, but
can never actually see the username and password.
Has anyone ever put thought into securely storing database
credentials? What are your views on it, and suggestions?
Regards,
Michael Martinek
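The file-hash registry described in the message above, and the weakness it points out, as an added PHP example that is not part of the original post. `ReviewedFileRegistry` and `deriveCredential()` are hypothetical names, the two files are constructed samples written to a temp directory, and SHA-256 is used in place of the MD5 the post mentions.

```php
<?php
// Added illustration: class, function and file names are hypothetical.
final class ReviewedFileRegistry
{
    private array $approved = []; // real path => content hash recorded at review time

    public function approve(string $path): void
    {
        $this->approved[realpath($path)] = hash_file('sha256', $path);
    }

    public function isUnchanged(string $path): bool
    {
        $real = realpath($path);
        if ($real === false || !isset($this->approved[$real])) {
            return false; // never reviewed, or the file is gone
        }
        return hash_equals($this->approved[$real], hash_file('sha256', $real));
    }
}

// The post's idea: the credential is a function of the key manager's own content hash.
function deriveCredential(string $keyManagerPath): string
{
    return substr(hash_file('sha256', $keyManagerPath), 0, 32);
}

// Constructed sample files standing in for the key manager and a reviewed page.
$dir = sys_get_temp_dir() . '/kmdemo_' . bin2hex(random_bytes(4));
mkdir($dir);
$keyManager = "$dir/keymanager.php";
$page = "$dir/report.php";
file_put_contents($keyManager, "<?php /* key manager body */\n");
file_put_contents($page, "<?php /* reviewed page */\n");

$registry = new ReviewedFileRegistry();
$registry->approve($page);
var_dump($registry->isUnchanged($page)); // state right after review
file_put_contents($page, "echo \$password;\n", FILE_APPEND);
var_dump($registry->isUnchanged($page)); // state after a post-review edit

// The hash check detects tampering but keeps nothing secret: any script that
// can read keymanager.php recomputes the same value without the registry,
// which is why the post proposes an audited retrieval procedure instead.
$viaKeyManager = deriveCredential($keyManager);
$viaAnyReader  = substr(hash('sha256', file_get_contents($keyManager)), 0, 32);
var_dump(hash_equals($viaKeyManager, $viaAnyReader));
array_map('unlink', [$keyManager, $page]); rmdir($dir); // remove the sample files
```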