[Engine-devel] Dropping encryption of database password
Alon Bar-Lev
alonbl at redhat.com
Wed May 1 05:58:00 UTC 2013
----- Original Message -----
> From: "Liran Zelkha" <liran.zelkha at gmail.com>
> To: "Eli Mesika" <emesika at redhat.com>
> Cc: "Alon Bar-Lev" <alonbl at redhat.com>, "Juan Hernandez" <jhernand at redhat.com>, "engine-devel"
> <engine-devel at ovirt.org>
> Sent: Wednesday, May 1, 2013 8:34:18 AM
> Subject: Re: [Engine-devel] Dropping encryption of database password
>
> Why not do use the same technology like JBoss DataSource password
> encryption?
> http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypting_Data_Source_Passwords.html
As I wrote:
1. Out project is not java specific, we need to access the database in other tools as well, example: python.
2. Reversible encryption is a total void, what benefit is there to encrypt password which can be decrypted by anyone?
3. We currently store the same password at two files, one which is .pgpass as plain text and another is at the service configuration which is encrypted, what is the benefit in this duplication?
Thanks!
Alon
>
> On Wed, May 1, 2013 at 3:45 AM, Eli Mesika <emesika at redhat.com> wrote:
>
> >
> >
> > ----- Original Message -----
> > > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > > To: "engine-devel" <engine-devel at ovirt.org>
> > > Cc: "Yair Zaslavsky" <yzaslavs at redhat.com>, "Eli Mesika" <
> > emesika at redhat.com>, "Juan Hernandez" <jhernand at redhat.com>
> > > Sent: Tuesday, April 30, 2013 10:41:20 PM
> > > Subject: Dropping encryption of database password
> > >
> > > Hello,
> > >
> > > Currently we store database password encrypted using
> > > org.picketbox.datasource.security.SecureIdentityLoginModule.
> > >
> > > This is reverse encryption with common knowledge shared secret.
> > >
> > > Using encryption with common knowledge shared secret is close to void
> > > protection.
> > >
> > > So far we also stored the password as plain text at
> > > /etc/ovirt-engine/.pgpass, this is going to be removed as no component
> > > actually uses the .pgpass, however we do need to store non-java specific
> > > password in for utilities.
> > >
> > > In master (aiming to 3.3), we store the database connection details in
> > own
> > > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by
> > ovirt
> > > user and not world readable.
> > >
> > > I would like to use the same 50-setup-database.conf to store plain text
> > > password and remove the java specific reversible encrypted password
> > usage.
> > >
> > > Bottom line...
> > > 1. We drop the .pgpass file.
> > > 2. We store database connection information in
> > > /etc/ovirt-engine/engine.conf.d/<file> that is readable only by ovirt
> > usage.
> > > 3. We drop the java specific reversible encryption in favor of plain
> > text.
> > >
> > > Thoughts?
> >
> > I see no problem in the .pgpass , only root can access it (it has 0600
> > mode , if it doesn't it is ignored by PG)
> > Apart from that , this is the standard way used by PG so why not using it
> > , AFAIK this is considered safe & secured
> >
> >
> > > Alon
> > >
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> >
>
More information about the Engine-devel
mailing list