On Friday 03 Apr 2009, Chirag R wrote:
[snip] Following reasons :
- My App looks bad since it requires to store password in clear-text
in a file. This is more of client requirement; they do not want any password to be stored in clear-text. Take example of Oracle DB, it provides you facility of Oracle Wallet, using which you can store password and access it via a tnsname. 2. Accidentally doing a cat even by root will make the password visible. 3. If you send across the system info to support to troubleshoot my App, this file maybe included. Customer passwords will be exposed to support guys. (I know customer can remove the password line and send across the file, but again its about convenience)
I know root can access almost any file and cause damage/modify, but that is something I am not worried about. The idea is to not keep it ridiculously easy for someone to crack.
Since root has access to the whole system, all you can do is move the plain text from the file to the application. For instance, you could keep the password encrypted in the config file and let your application read that and provide a key to decrypt the password and send it to MySQL. However, that is essentially just shifting the encryption from one point to another on the system.
If you're a believer in security by obscurity (which I'm not), this method will work for you. On the other hand, anyone who can access your application (e.g. root) can extract the algorithm and key from it and decrypt the password herself if she so desires.
Regards,
-- Raju