Security strategies for storing password on disk

Posted by Mike on Stack Overflow
Published on 2010-05-19T18:47:46Z Indexed on 2010/05/19 18:50 UTC

I am building a suite of batch jobs that require regular access to a database, running on a Solaris 10 machine. Because of (unchangeable) design constraints, we are required to use a certain program to connect to it. Said interface requires us to pass a plain-text password over a command line to connect to the database. This is a terrible security practice, but we are stuck with it.

I am trying to make sure things are properly secured on our end. Since the processing is automated (i.e., we can't prompt for a password), and I can't store anything outside the disk, I need a strategy for storing our password securely.

Here are some basic rules:

  1. The system has multiple users.
  2. We can assume that our permissions are properly enforced (i.e., if a file with a is chmod'd to 600, it won't be publicly readable)
  3. I don't mind anyone with superuser access looking at our stored password

Here is what I've got so far:

  • Store password in password.txt
  • $ chmod 600 password.txt
  • Process reads from password.txt when it's needed
  • Buffer overwritten with zeros when it's no longer needed

Although I'm sure there is a better way.
