> Cool, I like this idea. I stared at it for a while before concluding that

Thank you.

> keys for each user. Just have the manager physically type in the master
> password each time you "bring the system up". The password is then stored
> in a variable as long as the application server is running, but never on
> disk.

This adds an additional avenue of attack. If the attacker can somehow bypass the logon screen, she can potentially access the sensitive data. In my example the server is given access on behalf of the user in the context of that user's session. The server itself never has access without having a valid user around because it can't decrypt the CC key. So bypassing the logon screen does nothing for the attacker.

> Or am I missing something? Having keys for each user would definitely
> obfuscate things for potential attackers, but that is NOT encryption.

This is encryption. The plaintext password is never on the server in any form other than in memory when a user logs in. If the attacker can read the server's memory then all bets are off, but the file system, application, and databases are relatively safe. This isn't a great solution. I agree.
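The per-user key scheme discussed in this message, sketched as an added example that is not part of the original post or thread. It assumes the CC key is wrapped under a key derived from each user's password with scrypt and AES-256-GCM; the function names, record layout and sample values are hypothetical.

```javascript
// Added illustration: names, parameters and sample values are assumptions.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM helpers. Blob layout: iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

// Enrollment: wrap the shared CC key under a key derived from the user's password.
// Only the salt and the wrapped key are persisted; the password is not.
function enrollUser(password, ccKey) {
  const salt = randomBytes(16);
  const kek = scryptSync(password, salt, 32);
  return { salt, wrapped: seal(kek, ccKey) };
}

// Logon: re-derive the wrapping key and unwrap. The result is held in memory
// for that user's session only. Returns null when the password is wrong.
function unlockCcKey(password, record) {
  const kek = scryptSync(password, record.salt, 32);
  try { return open(kek, record.wrapped); } catch { return null; }
}

function demo() {
  const ccKey = randomBytes(32);
  const stored = { alice: enrollUser('constructed-passphrase-1', ccKey) }; // what sits on disk
  const cardRow = seal(ccKey, Buffer.from('4111111111111111')); // constructed test card number
  const sessionKey = unlockCcKey('constructed-passphrase-1', stored.alice);
  return {
    withUser: open(sessionKey, cardRow).toString(),
    // Logon screen bypassed: the server holds the stored record but no password.
    withoutUser: unlockCcKey('', stored.alice),
  };
}
```

With only the stored record, `unlockCcKey` returns `null`, which is the property the reply relies on: the disk and database contents alone do not yield the CC key.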
