[Engine-devel] Dropping encryption of database password

[Alon Bar-Lev]

Hello,

Currently we store database password encrypted using org.picketbox.datasource.security.SecureIdentityLoginModule.

This is reverse encryption with common knowledge shared secret.

Using encryption with common knowledge shared secret is close to void protection.

So far we also stored the password as plain text at /etc/ovirt-engine/.pgpass, this is going to be removed as no component actually uses the .pgpass, however we do need to store non-java specific password in for utilities.

In master (aiming to 3.3), we store the database connection details in own file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt user and not world readable.

I would like to use the same 50-setup-database.conf to store plain text password and remove the java specific reversible encrypted password usage.

Bottom line...
1. We drop the .pgpass file.
2. We store database connection information in /etc/ovirt-engine/engine.conf.d/<file> that is readable only by ovirt usage.
3. We drop the java specific reversible encryption in favor of plain text.

Thoughts?
Alon