8:58 a.m.
----- Original Message -----
From: "Liran Zelkha" <liran.zelkha(a)gmail.com>
To: "Eli Mesika" <emesika(a)redhat.com>
Cc: "Alon Bar-Lev" <alonbl(a)redhat.com>, "Juan Hernandez"
<jhernand(a)redhat.com>, "engine-devel"
<engine-devel(a)ovirt.org>
Sent: Wednesday, May 1, 2013 8:34:18 AM
Subject: Re: [Engine-devel] Dropping encryption of database password
Why not do use the same technology like JBoss DataSource password
encryption?
http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypti...
As I wrote:
1. Out project is not java specific, we need to access the database in other tools as
well, example: python.
2. Reversible encryption is a total void, what benefit is there to encrypt password which
can be decrypted by anyone?
3. We currently store the same password at two files, one which is .pgpass as plain text
and another is at the service configuration which is encrypted, what is the benefit in
this duplication?
Thanks!
Alon
On Wed, May 1, 2013 at 3:45 AM, Eli Mesika <emesika(a)redhat.com> wrote:
>
>
> ----- Original Message -----
> > From: "Alon Bar-Lev" <alonbl(a)redhat.com>
> > To: "engine-devel" <engine-devel(a)ovirt.org>
> > Cc: "Yair Zaslavsky" <yzaslavs(a)redhat.com>, "Eli
Mesika" <
> emesika(a)redhat.com>, "Juan Hernandez" <jhernand(a)redhat.com>
> > Sent: Tuesday, April 30, 2013 10:41:20 PM
> > Subject: Dropping encryption of database password
> >
> > Hello,
> >
> > Currently we store database password encrypted using
> > org.picketbox.datasource.security.SecureIdentityLoginModule.
> >
> > This is reverse encryption with common knowledge shared secret.
> >
> > Using encryption with common knowledge shared secret is close to void
> > protection.
> >
> > So far we also stored the password as plain text at
> > /etc/ovirt-engine/.pgpass, this is going to be removed as no component
> > actually uses the .pgpass, however we do need to store non-java specific
> > password in for utilities.
> >
> > In master (aiming to 3.3), we store the database connection details in
> own
> > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by
> ovirt
> > user and not world readable.
> >
> > I would like to use the same 50-setup-database.conf to store plain text
> > password and remove the java specific reversible encrypted password
> usage.
> >
> > Bottom line...
> > 1. We drop the .pgpass file.
> > 2. We store database connection information in
> > /etc/ovirt-engine/engine.conf.d/<file> that is readable only by ovirt
> usage.
> > 3. We drop the java specific reversible encryption in favor of plain
> text.
> >
> > Thoughts?
>
> I see no problem in the .pgpass , only root can access it (it has 0600
> mode , if it doesn't it is ignored by PG)
> Apart from that , this is the standard way used by PG so why not using it
> , AFAIK this is considered safe & secured
>
>
> > Alon
> >
> _______________________________________________
> Engine-devel mailing list
> Engine-devel(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>