DB Password encryption in config file

Hi Gurus,

I need to encrypt the DB passwords, which are stored in a configuration file (.txt) as below:

stage_db_pwd=ABC
this is test line
content_db_pwd=123def
This is test line 2
stg_db_name=xyz

I want to encrypt all the password fields (identified by "pwd") and keep them in the same file. The output should look like this:

stage_db_pwd=%8hjdsk=
this is test line
content_db_pwd=!yhdskk*&=
This is test line 2
stg_db_name=xyz

Regards,
Ashish

Are you sure that is a reasonable thing to do? Being a configuration file, it will be read and interpreted as is when the pertaining application starts. So you would need to decrypt the password at every app startup, then encrypt it again. Plus (but I'm leaving my safe ground now), you'd need to apply some sort of two-way or reversible (seems more an MS term) encryption, as opposed to the usual password hashing/encryption/storing algorithms.

This is an extremely common question but always has the same inescapable conclusion.

If your database can decrypt it at will without secrets -- so can anyone else.

Yes, but --

Encryption does not work that way.

But what if --

Encryption does not work that way.

Maybe if it --

Encryption does not work that way.

To prevent people from reading your passwords, chmod.

To prevent people getting access to something which reads the passwords, sudo.

To prevent root from getting at it... You're out of luck.

This question fools everyone eventually... I spent a long while earlier this year down a rabbit hole trying to find a way to make arbitrary Apache suexec secure, until I realized I was fighting what amounts to the same problem -- how to prove identity to the computer without using secrets.
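An added example, not written by any of the posters in this thread, that puts the original request and the chmod advice above together in Go. It rewrites a config in the format of the first post, encrypting the value of every line whose key contains "pwd" with AES-256-GCM and decrypting it back, and it loads the key from a file that it refuses unless only the owner can reach it. The sample config, the enc: prefix, the function names and the key-file path are this example's own assumptions. The reply's point is visible in the code: decryption needs nothing but the key file, so whoever can read that file reads the passwords, and the permission check is all that stands between them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"os"
	"strings"
)

// Constructed sample in the poster's key=value format (not taken from the page).
const sampleConfig = `stage_db_pwd=ABC
this is test line
content_db_pwd=123def
This is test line 2
stg_db_name=xyz
`

const encPrefix = "enc:" // marks values this tool has already encrypted (assumed convention)
type box struct{ gcm cipher.AEAD } // AES-256-GCM under one key

func newBox(key []byte) (*box, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return &box{gcm}, err
}

// seal encrypts one value; the random nonce is prepended to the ciphertext.
func (b *box) seal(plaintext string) (string, error) {
	nonce := make([]byte, b.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := b.gcm.Seal(nonce, nonce, []byte(plaintext), nil)
	return encPrefix + base64.StdEncoding.EncodeToString(ct), nil
}

// open reverses seal; a wrong key fails the GCM tag check rather than yielding garbage.
func (b *box) open(field string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(field, encPrefix))
	ns := b.gcm.NonceSize()
	if err != nil || len(raw) < ns {
		return "", fmt.Errorf("malformed ciphertext %q", field)
	}
	pt, err := b.gcm.Open(nil, raw[:ns], raw[ns:], nil)
	return string(pt), err
}

// rewriteConfig encrypts (or, with decrypt set, decrypts) the value of every line whose key
// contains "pwd" (the poster's rule), leaves every other line byte-for-byte unchanged, and
// skips values already in the target form so either pass can be re-run.
func rewriteConfig(key []byte, config string, decrypt bool) (string, error) {
	b, err := newBox(key)
	if err != nil {
		return "", err
	}
	lines := strings.Split(config, "\n")
	for i, line := range lines {
		k, v, ok := strings.Cut(line, "=")
		if !ok || !strings.Contains(strings.ToLower(k), "pwd") {
			continue
		}
		switch {
		case decrypt && strings.HasPrefix(v, encPrefix):
			v, err = b.open(v)
		case !decrypt && !strings.HasPrefix(v, encPrefix):
			v, err = b.seal(v)
		}
		if err != nil {
			return "", fmt.Errorf("line %d: %w", i+1, err)
		}
		lines[i] = k + "=" + v
	}
	return strings.Join(lines, "\n"), nil
}

// loadKey reads the key file and refuses it if group or others can reach it: the
// thread's chmod advice, applied to the place the secret has actually moved to.
func loadKey(path string) ([]byte, error) {
	info, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return nil, fmt.Errorf("%s has mode %04o; chmod 600 it first", path, perm)
	}
	return os.ReadFile(path)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // throwaway 32-byte demo key; real code uses loadKey
	enc, err := rewriteConfig(key, sampleConfig, false)
	if err != nil {
		panic(err)
	}
	fmt.Print(enc)
}
```

The encrypted file looks like the output the first post asked for, but the application must call rewriteConfig with decrypt set at every startup, so it needs the key file, and so does anyone who can run as the same user. The only thing loadKey adds is refusing a group- or world-readable key file before any password is decrypted; root, or anyone who can become the service account, still has everything, which is exactly the limit the reply describes.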

Depending on your database, is there a way of defining the user as identified externally, i.e. I trust them because they have logged on to the server?

With Oracle you can set this up and then just need a simple sqlplus / from the command line or a script to get connected. No credentials needed thereafter. Naturally it does not work for network connections to the database, as that would be insecure.

What type of database are you connecting to?

Robin