Secure application user.

Gents

I want a command to export the password of appuser to /opt/appuser.out.

The user password will be changed by the Access Management System from time to time.

The application needs this password to stay running; otherwise it will be impacted.

The application will keep reading this file, /opt/appuser.out, to get the new password whenever it is changed, securely.

Kindly support with a command.

Most user passwords used by apps are cryptographic hashes of text + salt.

In order to help you properly we need the details of what you are doing and how your passwords are used, stored, transmitted and processed.

The application will keep reading the file /opt/apprun.out and then will continue running.

Let me know if you have any idea.

This seems to be a bad plan from the start. Writing passwords anywhere should be avoided. Anyone who can read the code that reads the password can probably just read the password for themselves.

A few questions:-

  • Why would your application need to know the password? Does it become the account for certain actions?
  • Could you not set up sudo access to allow people to become the account when they need to? This is auditable too.
  • Is this a database account or something? You may be able to define it as authorised externally to the database, i.e. the DB trusts the OS validation.
  • How would you use the password anyway?

It just seems a bad plan to me (sorry) and we may be able to find a better way that maybe even negates the need to have it changed regularly (i.e. locked for password login entirely), so saving the Access Management team a task too.

I'm just confused and want to avoid building a service with exposures.
Robin