[Klug-general] password / security question / coding
oly
oly at digitaloctave.com
Sat Oct 18 21:47:57 UTC 2008
On Sat, 2008-10-18 at 18:16 +0100, Mike Evans wrote:
> >
> > Obviously storing in plain text is not ideal, so looking for the most
> > secure solution, so let me know. I am not a security expert myself, so
> > looking for others' opinions / ideas.
> >
> Putting passwords in plain in a stored file is not only less than ideal,
> it is folly. Don't ever (and I mean ever) do it. Even holding them in
> the memory of a computer in plain should be done for as short a time as
> possible. This can be done by decrypting as late as possible, and once
> used ensuring that the memory used by the variable is overwritten.
Yes, I agree it should not be done; it's just finding another solution
that's proving a problem. The best example I can think of is PHP/MySQL:
PHP usually has a config file with the user and password in plain text
stored for connections to the database. Never seen it done any other way
than this.
> If possible I would also suggest that connectivity and authentication
> between a server manager and managed servers should be done using tried
> and tested security mechanisms, such as ssh validated by certificates in
> both directions. Remember that once a hostile party has access to any
> machine on the network, packet sniffing is trivial.
Any messaging I do between servers I plan on using ssh with certificates;
however, I am just thinking single server for the moment to keep things
simple.
> Mike
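The advice quoted above (hold the plaintext password in memory for as short a time as possible and overwrite it once used), sketched in C as an added example that is not code from either poster. `with_secret`, `secure_wipe`, the callback types and the `demo_*` helpers are hypothetical names, and the sample password is constructed.

```c
#include <stddef.h>
#include <string.h>
#define SAMPLE_PW "constructed-sample-pw"   /* constructed value, not a real credential */

/* Calling memset through a volatile function pointer keeps the compiler
 * from discarding the wipe as a dead store on a buffer about to go unused. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

void secure_wipe(void *buf, size_t len) { if (buf && len) memset_v(buf, 0, len); }

/* Hypothetical callbacks: load decrypts/fetches the secret into out and returns
 * its length (or -1); use is whatever needs the plaintext, e.g. a DB connect. */
typedef long (*secret_load_fn)(char *out, size_t cap, void *ctx);
typedef int (*secret_use_fn)(const char *secret, size_t len, void *ctx);

/* Obtain the plaintext as late as possible, use it once, wipe on every path. */
int with_secret(char *buf, size_t cap, secret_load_fn load, secret_use_fn use, void *ctx) {
    int rc = -1;
    long n = load(buf, cap, ctx);
    if (n >= 0 && (size_t)n <= cap)
        rc = use(buf, (size_t)n, ctx);
    secure_wipe(buf, cap);                      /* runs on success and on failure */
    return rc;
}

/* Constructed loader: stands in for decrypting the stored credential. */
static long demo_load(char *out, size_t cap, void *ctx) {
    size_t n = strlen(SAMPLE_PW); (void)ctx;
    if (n > cap) return -1;
    memcpy(out, SAMPLE_PW, n);
    return (long)n;
}

static int demo_use(const char *secret, size_t len, void *ctx) {
    *(size_t *)ctx = len;                       /* record what the consumer saw */
    return (len == strlen(SAMPLE_PW) && memcmp(secret, SAMPLE_PW, len) == 0) ? 0 : 1;
}

/* Returns how many non-zero bytes remain in the buffer after use (0 expected). */
size_t residue_after_demo(void) {
    char buf[64];
    size_t seen = 0, left = 0, i;
    memset(buf, 0xAA, sizeof buf);
    if (with_secret(buf, sizeof buf, demo_load, demo_use, &seen) != 0 || seen == 0)
        return (size_t)-1;
    for (i = 0; i < sizeof buf; i++) left += (buf[i] != 0);
    return left;
}

int main(void) { return residue_after_demo() == 0 ? 0 : 1; }
```

The wipe covers only this buffer; copies made by the consumer, by I/O libraries or by swap are outside its reach.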