Within an application that must open a database connection, the username/password details must be passed to the database. What's the most dependable method of storing, and using, this data?
The precise method depends on the environment, but in general you keep credentials somewhere that is readable only by the user that the application is running as. For instance, on Windows you'd keep credentials in the registry somewhere protected by an ACL so that only that user can read them. Optionally, you could use the DPAPI to secure the data so that it is further protected. On Unix, you'd store them in a file protected with chmod (and optionally encrypted) so that only the application can read it.
This is a problem that we have grappled with, and we came up with a number of approaches.
The first answer is to go with 1800 INFORMATION's suggestion:
put it in an area readable only by the userid running the application.
I don't think you will get a better all-round solution than this.
Other approaches we have considered (and rejected):
- Save it in an encrypted file
  - this only works when the attacker can't get at your code to determine how the encryption works, so not very good most of the time.
- Save it in the database and require a human to log on to start the application
  - this works, as long as you're able to have a real person launch the application every time
- Rely on built-in security tools, for example those in .NET (see rwwilden's answer).
  - this is an excellent solution if you're, e.g., a Microsoft shop.
That depends on the database you are using. For Microsoft SQL Server you either secure the database connection string in the configuration, or you use integrated security, where you connect to the database using the identity of the application you are connecting from.
Not in your source code, but rather in a separate file read by your application. Then use system security to make this file readable only by the application user.
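
As an added example (not code from any of the answers above), here is a Python loader that enforces the file-permission approach on Unix: it refuses to read credentials unless the file is a regular file owned by the user the application runs as, with no group or other access. The file name `db.ini`, the `[database]` section layout and the function names are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """Raised when the credential file is accessible to other users."""


def load_db_credentials(path):
    """Return (username, password) after checking ownership and mode."""
    # O_NOFOLLOW: refuse a symlink planted at the expected path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        # fstat the open descriptor so the check and the read see the same file.
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise InsecureCredentialFile(f"{path}: not a regular file")
        if info.st_uid != os.geteuid():
            raise InsecureCredentialFile(f"{path}: not owned by the application user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureCredentialFile(f"{path}: group/other access set; use mode 600")
        parser = configparser.ConfigParser(interpolation=None)  # allow '%' in passwords
        parser.read_file(handle)
    return parser["database"]["username"], parser["database"]["password"]


def demo():
    """Write a constructed credential file and load it under two modes."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "db.ini")  # hypothetical file name
        # Create with 0600 from the start so there is no window with wider access.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write("[database]\nusername = app_user\npassword = constructed-sample\n")
        accepted = load_db_credentials(path)
        os.chmod(path, 0o644)  # simulate a deployment mistake
        try:
            load_db_credentials(path)
            rejected = False
        except InsecureCredentialFile:
            rejected = True
        return accepted, rejected


if __name__ == "__main__":
    print(demo())
```

Failing closed on a loose mode turns a silent deployment mistake into a startup error that shows up in the application's logs.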