----- Original Message ----- > From: "Liran Zelkha" <[email protected]> > To: "Eli Mesika" <[email protected]> > Cc: "Alon Bar-Lev" <[email protected]>, "Juan Hernandez" > <[email protected]>, "engine-devel" > <[email protected]> > Sent: Wednesday, May 1, 2013 8:34:18 AM > Subject: Re: [Engine-devel] Dropping encryption of database password > > Why not do use the same technology like JBoss DataSource password > encryption? > http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypting_Data_Source_Passwords.html
As I wrote: 1. Out project is not java specific, we need to access the database in other tools as well, example: python. 2. Reversible encryption is a total void, what benefit is there to encrypt password which can be decrypted by anyone? 3. We currently store the same password at two files, one which is .pgpass as plain text and another is at the service configuration which is encrypted, what is the benefit in this duplication? Thanks! Alon > > On Wed, May 1, 2013 at 3:45 AM, Eli Mesika <[email protected]> wrote: > > > > > > > ----- Original Message ----- > > > From: "Alon Bar-Lev" <[email protected]> > > > To: "engine-devel" <[email protected]> > > > Cc: "Yair Zaslavsky" <[email protected]>, "Eli Mesika" < > > [email protected]>, "Juan Hernandez" <[email protected]> > > > Sent: Tuesday, April 30, 2013 10:41:20 PM > > > Subject: Dropping encryption of database password > > > > > > Hello, > > > > > > Currently we store database password encrypted using > > > org.picketbox.datasource.security.SecureIdentityLoginModule. > > > > > > This is reverse encryption with common knowledge shared secret. > > > > > > Using encryption with common knowledge shared secret is close to void > > > protection. > > > > > > So far we also stored the password as plain text at > > > /etc/ovirt-engine/.pgpass, this is going to be removed as no component > > > actually uses the .pgpass, however we do need to store non-java specific > > > password in for utilities. > > > > > > In master (aiming to 3.3), we store the database connection details in > > own > > > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by > > ovirt > > > user and not world readable. > > > > > > I would like to use the same 50-setup-database.conf to store plain text > > > password and remove the java specific reversible encrypted password > > usage. > > > > > > Bottom line... > > > 1. We drop the .pgpass file. > > > 2. We store database connection information in > > > /etc/ovirt-engine/engine.conf.d/<file> that is readable only by ovirt > > usage. > > > 3. We drop the java specific reversible encryption in favor of plain > > text. > > > > > > Thoughts? > > > > I see no problem in the .pgpass , only root can access it (it has 0600 > > mode , if it doesn't it is ignored by PG) > > Apart from that , this is the standard way used by PG so why not using it > > , AFAIK this is considered safe & secured > > > > > > > Alon > > > > > _______________________________________________ > > Engine-devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
