[Engine-devel] Dropping encryption of database password
Dan Kenigsberg
danken at redhat.com
Wed May 1 07:59:45 UTC 2013
On Tue, Apr 30, 2013 at 03:41:20PM -0400, Alon Bar-Lev wrote:
> Hello,
>
> Currently we store database password encrypted using org.picketbox.datasource.security.SecureIdentityLoginModule.
>
> This is reverse encryption with common knowledge shared secret.
>
> Using encryption with common knowledge shared secret is close to void protection.
>
> So far we also stored the password as plain text at /etc/ovirt-engine/.pgpass, this is going to be removed as no component actually uses the .pgpass, however we do need to store non-java specific password in for utilities.
>
> In master (aiming to 3.3), we store the database connection details in own file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt user and not world readable.
>
> I would like to use the same 50-setup-database.conf to store plain text password and remove the java specific reversible encrypted password usage.
>
> Bottom line...
> 1. We drop the .pgpass file.
> 2. We store database connection information in /etc/ovirt-engine/engine.conf.d/<file> that is readable only by ovirt usage.
> 3. We drop the java specific reversible encryption in favor of plain text.
>
+1.
Obfuscating passwords only gives a false sense of security.
However, many applications, such Firefox in its signons.sqlite, do that
to avoid revealing the password during a casual browse of the
filesystem.
More information about the Engine-devel
mailing list