[Engine-devel] Dropping encryption of database password

Eli Mesika emesika at redhat.com
Wed May 1 13:28:42 UTC 2013



----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Eli Mesika" <emesika at redhat.com>
> Cc: "engine-devel" <engine-devel at ovirt.org>, "Yair Zaslavsky" <yzaslavs at redhat.com>, "Juan Hernandez"
> <jhernand at redhat.com>
> Sent: Wednesday, May 1, 2013 8:55:05 AM
> Subject: Re: Dropping encryption of database password
> 
> 
> 
> ----- Original Message -----
> > From: "Eli Mesika" <emesika at redhat.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: "engine-devel" <engine-devel at ovirt.org>, "Yair Zaslavsky"
> > <yzaslavs at redhat.com>, "Juan Hernandez"
> > <jhernand at redhat.com>
> > Sent: Wednesday, May 1, 2013 3:45:06 AM
> > Subject: Re: Dropping encryption of database password
> > 
> > 
> > 
> > ----- Original Message -----
> > > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > > To: "engine-devel" <engine-devel at ovirt.org>
> > > Cc: "Yair Zaslavsky" <yzaslavs at redhat.com>, "Eli Mesika"
> > > <emesika at redhat.com>, "Juan Hernandez" <jhernand at redhat.com>
> > > Sent: Tuesday, April 30, 2013 10:41:20 PM
> > > Subject: Dropping encryption of database password
> > > 
> > > Hello,
> > > 
> > > Currently we store database password encrypted using
> > > org.picketbox.datasource.security.SecureIdentityLoginModule.
> > > 
> > > This is reverse encryption with common knowledge shared secret.
> > > 
> > > Using encryption with common knowledge shared secret is close to void
> > > protection.
> > > 
> > > So far we also stored the password as plain text at
> > > /etc/ovirt-engine/.pgpass, this is going to be removed as no component
> > > actually uses the .pgpass, however we do need to store non-java specific
> > > password in for utilities.
> > > 
> > > In master (aiming to 3.3), we store the database connection details in
> > > own
> > > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by
> > > ovirt
> > > user and not world readable.
> > > 
> > > I would like to use the same 50-setup-database.conf to store plain text
> > > password and remove the java specific reversible encrypted password
> > > usage.
> > > 
> > > Bottom line...
> > > 1. We drop the .pgpass file.
> > > 2. We store database connection information in
> > > /etc/ovirt-engine/engine.conf.d/<file> that is readable only by ovirt
> > > usage.
> > > 3. We drop the java specific reversible encryption in favor of plain
> > > text.
> > > 
> > > Thoughts?
> > 
> > I see no problem in the .pgpass , only root can access it (it has 0600 mode
> > ,
> > if it doesn't it is ignored by PG)
> > Apart from that , this is the standard way used by PG so why not using it ,
> > AFAIK this is considered safe & secured
> 
> In another words you are for storing password as plain text.... :)

If the file is protected , I don't mind that the password is in plain text...

> 
> > 
> > 
> > > Alon
> > > 
> > 
> 



More information about the Engine-devel mailing list