BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?

Subject: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
From: me at mattgillen.net (Matthew Gillen)
Date: Sat, 31 Jan 2015 12:48:31 -0500
In-reply-to: <ABF5CA78-4883-4E58-AF62-85B894B634B1@icloud.com>
References: <54CCF4A4.6040703@borg.org> <ABF5CA78-4883-4E58-AF62-85B894B634B1@icloud.com>

Set up postgres to only allow connections from the loopback.  Put the db
credentials in a file, then rely on file-system permissions and/or
SElinux to prevent access to that file from other processes on the
system.  This is the sort of thing SELinux is really designed for.

Matt

On 1/31/2015 10:56 AM, Eric Chadbourne wrote:
> FWIW, in PHP you often put the PostgreSQL user credentials in the code.  Usually a config file somewhere.  You can also place sensitive files outside of your web root with proper permissions.  If all running on a local box I don?t open the ports or set the db config to allow other connections.  It seems reasonably secure.
> 
> I am curious as to what others do.
> 
> The PostgreSQL docs have a ton of great info.
> 
> - Eric
> 
> 
> 
>> On Jan 31, 2015, at 10:28 AM, Kent Borg <kentborg at borg.org> wrote:
>>
>> Related to my previous database questions...
>>
>> Normally I think of a program as trusting itself, having some integrity, maybe not even having gaping bugs or security holes. But what if I the program I am writing is talking to another, such as Postgres? Postgres has the ability to do passwords, so do I just put a password in my program source? Set Postgres to only accept local connections, and hope for the best? Seems wrong. Do I try to put both in a chroot or something?
>>
>> My program already has to hope that its program files are secured by the hosting OS, but at least if it isn't opening up a network port it stays a rather contained problem.
>>
>> (I want multiple programs talking to the database, so no, I can't just link in Sqlite.)
>>
>> Seems a general problem of securing interprocess communications.
>>
>> Thoughts?
>>
>> Thanks,
>>
>> -kb, the Kent who knows that people Google for passwords, search github for passwords, and get a lot of juicy results.
>> _______________________________________________
>> Discuss mailing list
>> Discuss at blu.org
>> http://lists.blu.org/mailman/listinfo/discuss
> 
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

References:
- [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
  - From: kentborg at borg.org (Kent Borg)
- [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
  - From: eric.chadbourne at icloud.com (Eric Chadbourne)

Prev by Date: [Discuss] securing API passwords
Next by Date: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Previous by thread: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Next by thread: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.