Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storing Credentials for Secured Resources?

Posted by ryuzaki0 on from the security-and-web-applications dept.

diverman asks: "It is very common for web applications (be them Java, Perl, PHP, .NET, or shell script) to need knowledge about credentials to access another resource. Perhaps it's a relational database login, an FTP account for transferring files, or maybe a authentication credentials to another web service. Whatever it is, most developers have likely had to write a program that needs to keep a password for later use. The big issue now is: where do you put them?" "Having passwords sitting around in clear-text isn't the wisest of ideas, and is against most security 'best practice' guidelines. Some apps and servers have chosen to base64 encode it (I believe WebSphere does this), and that's about as safe as clear-text. What I've been trying to find is a mechanism that behaves like how Apache loads properly signed SSL certs, that require a password when starting up the web server. The password could be used to decrypt a key-store for various application/resource credentials, and then make them available. Exact implementation isn't the question, as much as ANYTHING that does this at all. Are there any Apache modules that can place authentication information in ENV variables for executed apps, after decrypting them on server startup? Are there ways to have Java containers do something similar? It seems like this is something that is a very common problem, but not a very common question, with an even less common solution."

3 of 64 comments (clear)

  1. Most?!? by NevarMore · · Score: 2, Funny

    "Having passwords sitting around in clear-text isn't the wisest of ideas, and is against most security 'best practice' guidelines."

    MOST?!?

    Which security guidlines say it is ok and what companies are using them?

  2. Obvious? by Ahnteis · · Score: 2, Funny

    Plain text. On my desktop. Named "sensitive passwords.txt".

    I'll trade a paper version for a candy bar. :)

    I am your users!

  3. It's easy. by Pig+Hogger · · Score: 2, Funny
    You write it encoded with a super secret reel (found in all package of Admiral Crunch Hacker Cereals) down on a piece of banana paper using cherry juice so it is only visible when you heat it with a hemp flame, then fold it in 64 and tie it up with a piece of wire, put it in a tiny ziplock bag, dip it in sealing wax and put it in a film canister, which you dip in tar, then wrap it securely in wax paper.

    Put it into a tiny sample jar of pineapple jam which you give to your aunt Emma (aunt Emma doesn't like pineapple jam) for her to put in the barley hopper. So, this way, nobody will know the password and be able to know, unless they read /.