Re: [Engine-devel] Dropping encryption of database password
On 05/05/2013 03:17 AM, Alon Bar-Lev wrote: I am going to drop the .pgpass file in favor of other configuration file and produce .pgpass on will. This is because: 1. The proprietary format of .pgpass is not friendly to parsing. Ack. Please remove this for a key/value solution. ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Alon Bar-Lev" > To: "Eli Mesika" > Cc: "Keith Robertson" , "Juan Hernandez" > , "engine-devel" > , "pmatouse" > Sent: Sunday, May 5, 2013 10:17:28 AM > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > - Original Message - > > From: "Eli Mesika" > > To: "Keith Robertson" , "Alon Bar-Lev" > > , "Juan Hernandez" > > > > Cc: "engine-devel" , "pmatouse" > > > > Sent: Sunday, May 5, 2013 10:13:59 AM > > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > > > > > ----- Original Message ----- > > > From: "Alon Bar-Lev" > > > To: "Keith Robertson" > > > Cc: "Juan Hernandez" , "engine-devel" > > > , "pmatouse" > > > Sent: Wednesday, May 1, 2013 9:40:13 PM > > > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > > > > > > > > > - Original Message - > > > > From: "Keith Robertson" > > > > To: "Alon Bar-Lev" > > > > Cc: "Josh Bressers" , "Juan Hernandez" > > > > , "engine-devel" > > > > , "pmatouse" , "Sandro > > > > Bonazzola" > > > > Sent: Wednesday, May 1, 2013 9:31:15 PM > > > > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > > > > > On 05/01/2013 02:16 PM, Alon Bar-Lev wrote: > > > > > Thank you. > > > > > This is what I wrote in my initial post. > > > > > The only users who should access this password is ovirt user and root > > > > > user. > > > > > > > > > > Regards, > > > > > Alon Bar-Lev. > > > > > > > > > >> > > > > > Alon, > > > > I agree with the desire to store the PW in plaintext and in a > > > > non-obfuscated manner. In this case, obfuscation really doesn't gain > > > > anything. > > > > > > > > I would suggest; however, that the migration to plaintext be > > > > coordinated > > > > with a simultaneous patch to the the Log Collector. It does have a > > > > dependency on the current architecture. > > > > > > > > Keith > > > > > > > > > > Hi, > > > > > > As far as I know it reads the plain text from .pgpass, we need to modify > > > it > > > to search within the alternate format as well. > > > > We are using the original .pgpass file that is in 0600 mode ( have access > > only to root) > > If the file does not have this mode , it is ignored by Postgres > > I see no security issue in that ... > > > > Please see details in > > http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html > > I am going to drop the .pgpass file in favor of other configuration file and > produce .pgpass on will. > This is because: > 1. The proprietary format of .pgpass is not friendly to parsing. > 2. It does not hold the SSL setting. > 3. It does not hold the SSL host validation setting. > 4. It will be more difficult to modify user password. > > This file is also 0600 owned by engine but in key=value format, so no change > as far as security is concerned. That's OK from my point > > Thanks! > Alon. > > > > > > > > > > > > > Thanks, > > > Alon > > > ___ > > > Engine-devel mailing list > > > Engine-devel@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Eli Mesika" > To: "Keith Robertson" , "Alon Bar-Lev" > , "Juan Hernandez" > > Cc: "engine-devel" , "pmatouse" > Sent: Sunday, May 5, 2013 10:13:59 AM > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > - Original Message - > > From: "Alon Bar-Lev" > > To: "Keith Robertson" > > Cc: "Juan Hernandez" , "engine-devel" > > , "pmatouse" > > Sent: Wednesday, May 1, 2013 9:40:13 PM > > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > > > > > - Original Message - > > > From: "Keith Robertson" > > > To: "Alon Bar-Lev" > > > Cc: "Josh Bressers" , "Juan Hernandez" > > > , "engine-devel" > > > , "pmatouse" , "Sandro > > > Bonazzola" > > > Sent: Wednesday, May 1, 2013 9:31:15 PM > > > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > > > On 05/01/2013 02:16 PM, Alon Bar-Lev wrote: > > > > Thank you. > > > > This is what I wrote in my initial post. > > > > The only users who should access this password is ovirt user and root > > > > user. > > > > > > > > Regards, > > > > Alon Bar-Lev. > > > > > > > >> > > > > Alon, > > > I agree with the desire to store the PW in plaintext and in a > > > non-obfuscated manner. In this case, obfuscation really doesn't gain > > > anything. > > > > > > I would suggest; however, that the migration to plaintext be coordinated > > > with a simultaneous patch to the the Log Collector. It does have a > > > dependency on the current architecture. > > > > > > Keith > > > > > > > Hi, > > > > As far as I know it reads the plain text from .pgpass, we need to modify it > > to search within the alternate format as well. > > We are using the original .pgpass file that is in 0600 mode ( have access > only to root) > If the file does not have this mode , it is ignored by Postgres > I see no security issue in that ... > > Please see details in > http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html I am going to drop the .pgpass file in favor of other configuration file and produce .pgpass on will. This is because: 1. The proprietary format of .pgpass is not friendly to parsing. 2. It does not hold the SSL setting. 3. It does not hold the SSL host validation setting. 4. It will be more difficult to modify user password. This file is also 0600 owned by engine but in key=value format, so no change as far as security is concerned. Thanks! Alon. > > > > > > > Thanks, > > Alon > > ___ > > Engine-devel mailing list > > Engine-devel@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Alon Bar-Lev" > To: "Keith Robertson" > Cc: "Juan Hernandez" , "engine-devel" > , "pmatouse" > Sent: Wednesday, May 1, 2013 9:40:13 PM > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > - Original Message - > > From: "Keith Robertson" > > To: "Alon Bar-Lev" > > Cc: "Josh Bressers" , "Juan Hernandez" > > , "engine-devel" > > , "pmatouse" , "Sandro > > Bonazzola" > > Sent: Wednesday, May 1, 2013 9:31:15 PM > > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > On 05/01/2013 02:16 PM, Alon Bar-Lev wrote: > > > Thank you. > > > This is what I wrote in my initial post. > > > The only users who should access this password is ovirt user and root > > > user. > > > > > > Regards, > > > Alon Bar-Lev. > > > > > >> > > > Alon, > > I agree with the desire to store the PW in plaintext and in a > > non-obfuscated manner. In this case, obfuscation really doesn't gain > > anything. > > > > I would suggest; however, that the migration to plaintext be coordinated > > with a simultaneous patch to the the Log Collector. It does have a > > dependency on the current architecture. > > > > Keith > > > > Hi, > > As far as I know it reads the plain text from .pgpass, we need to modify it > to search within the alternate format as well. We are using the original .pgpass file that is in 0600 mode ( have access only to root) If the file does not have this mode , it is ignored by Postgres I see no security issue in that ... Please see details in http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html > > Thanks, > Alon > ___ > Engine-devel mailing list > Engine-devel@ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Keith Robertson" > To: "Alon Bar-Lev" > Cc: "Josh Bressers" , "Juan Hernandez" > , "engine-devel" > , "pmatouse" , "Sandro > Bonazzola" > Sent: Wednesday, May 1, 2013 9:31:15 PM > Subject: Re: [Engine-devel] Dropping encryption of database password > > On 05/01/2013 02:16 PM, Alon Bar-Lev wrote: > > Thank you. > > This is what I wrote in my initial post. > > The only users who should access this password is ovirt user and root user. > > > > Regards, > > Alon Bar-Lev. > > > >> > > Alon, > I agree with the desire to store the PW in plaintext and in a > non-obfuscated manner. In this case, obfuscation really doesn't gain > anything. > > I would suggest; however, that the migration to plaintext be coordinated > with a simultaneous patch to the the Log Collector. It does have a > dependency on the current architecture. > > Keith > Hi, As far as I know it reads the plain text from .pgpass, we need to modify it to search within the alternate format as well. Thanks, Alon ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
On 05/01/2013 02:16 PM, Alon Bar-Lev wrote: Thank you. This is what I wrote in my initial post. The only users who should access this password is ovirt user and root user. Regards, Alon Bar-Lev. > Alon, I agree with the desire to store the PW in plaintext and in a non-obfuscated manner. In this case, obfuscation really doesn't gain anything. I would suggest; however, that the migration to plaintext be coordinated with a simultaneous patch to the the Log Collector. It does have a dependency on the current architecture. Keith ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Josh Bressers" > To: "Alon Bar-Lev" > Cc: "Eli Mesika" , "Juan Hernandez" > , "engine-devel" > , "pmatouse" > Sent: Wednesday, May 1, 2013 9:13:24 PM > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > > > > > > > > > > > In another words you are for storing password as plain text :) > > > > > > > > If the file is protected , I don't mind that the password is in plain > > > > text... > > > > > > > > > > Hi all, > > > > Hello, > > > > > Itamar pointed me at this thread. I'm part of the Red Hat Product > > > Security > > > Team, we exist to help various projects and products with security needs > > > (such as advice in this instance). > > > > > > I can't really comment on this without understanding some of the > > > background > > > (sorry for not being up to speed, I don't have time to research this > > > today and I'm away tomorrow so my replies may be slow). > > > > > > Can you explain to me what the passwords in question are used for? > > > > The password of the user used to access the database. > > > > Ahh, so the subject is quite literal. > > So in an instance like this it's not uncommon to store this password as > plaintext in a file. The important part is then to ensure that the file is > protected and can only be accessed on a need-to-know basis. > > Using various scrambling techniques don't really provide any additional > security. Some claim it makes things worse as it provides a false sense of > security. > > I would suggest you make a note about what processes and users can view or > modify this file and for what reasons. This should help identify things in > the future that should or shouldn't have this level of access. > > Let me know if you have any questions. > > Thanks. Thank you. This is what I wrote in my initial post. The only users who should access this password is ovirt user and root user. Regards, Alon Bar-Lev. > > -- > Josh Bressers / Red Hat Product Security Team > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
> > > > > > > > > > In another words you are for storing password as plain text :) > > > > > > If the file is protected , I don't mind that the password is in plain > > > text... > > > > > > > Hi all, > > Hello, > > > Itamar pointed me at this thread. I'm part of the Red Hat Product Security > > Team, we exist to help various projects and products with security needs > > (such as advice in this instance). > > > > I can't really comment on this without understanding some of the background > > (sorry for not being up to speed, I don't have time to research this > > today and I'm away tomorrow so my replies may be slow). > > > > Can you explain to me what the passwords in question are used for? > > The password of the user used to access the database. > Ahh, so the subject is quite literal. So in an instance like this it's not uncommon to store this password as plaintext in a file. The important part is then to ensure that the file is protected and can only be accessed on a need-to-know basis. Using various scrambling techniques don't really provide any additional security. Some claim it makes things worse as it provides a false sense of security. I would suggest you make a note about what processes and users can view or modify this file and for what reasons. This should help identify things in the future that should or shouldn't have this level of access. Let me know if you have any questions. Thanks. -- Josh Bressers / Red Hat Product Security Team ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Josh Bressers" > To: "Eli Mesika" > Cc: "Alon Bar-Lev" , "Juan Hernandez" > , "engine-devel" > , "pmatouse" > Sent: Wednesday, May 1, 2013 6:40:26 PM > Subject: Re: [Engine-devel] Dropping encryption of database password > > > > > > > In another words you are for storing password as plain text :) > > > > If the file is protected , I don't mind that the password is in plain > > text... > > > > Hi all, Hello, > Itamar pointed me at this thread. I'm part of the Red Hat Product Security > Team, we exist to help various projects and products with security needs > (such as advice in this instance). > > I can't really comment on this without understanding some of the background > (sorry for not being up to speed, I don't have time to research this > today and I'm away tomorrow so my replies may be slow). > > Can you explain to me what the passwords in question are used for? The password of the user used to access the database. Regards, Alon > > Thanks. > > -- > Josh Bressers / Red Hat Product Security Team > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
> > > > In another words you are for storing password as plain text :) > > If the file is protected , I don't mind that the password is in plain text... > Hi all, Itamar pointed me at this thread. I'm part of the Red Hat Product Security Team, we exist to help various projects and products with security needs (such as advice in this instance). I can't really comment on this without understanding some of the background (sorry for not being up to speed, I don't have time to research this today and I'm away tomorrow so my replies may be slow). Can you explain to me what the passwords in question are used for? Thanks. -- Josh Bressers / Red Hat Product Security Team ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Alon Bar-Lev" > To: "Eli Mesika" > Cc: "engine-devel" , "Yair Zaslavsky" > , "Juan Hernandez" > > Sent: Wednesday, May 1, 2013 8:55:05 AM > Subject: Re: Dropping encryption of database password > > > > - Original Message - > > From: "Eli Mesika" > > To: "Alon Bar-Lev" > > Cc: "engine-devel" , "Yair Zaslavsky" > > , "Juan Hernandez" > > > > Sent: Wednesday, May 1, 2013 3:45:06 AM > > Subject: Re: Dropping encryption of database password > > > > > > > > - Original Message - > > > From: "Alon Bar-Lev" > > > To: "engine-devel" > > > Cc: "Yair Zaslavsky" , "Eli Mesika" > > > , "Juan Hernandez" > > > Sent: Tuesday, April 30, 2013 10:41:20 PM > > > Subject: Dropping encryption of database password > > > > > > Hello, > > > > > > Currently we store database password encrypted using > > > org.picketbox.datasource.security.SecureIdentityLoginModule. > > > > > > This is reverse encryption with common knowledge shared secret. > > > > > > Using encryption with common knowledge shared secret is close to void > > > protection. > > > > > > So far we also stored the password as plain text at > > > /etc/ovirt-engine/.pgpass, this is going to be removed as no component > > > actually uses the .pgpass, however we do need to store non-java specific > > > password in for utilities. > > > > > > In master (aiming to 3.3), we store the database connection details in > > > own > > > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by > > > ovirt > > > user and not world readable. > > > > > > I would like to use the same 50-setup-database.conf to store plain text > > > password and remove the java specific reversible encrypted password > > > usage. > > > > > > Bottom line... > > > 1. We drop the .pgpass file. > > > 2. We store database connection information in > > > /etc/ovirt-engine/engine.conf.d/ that is readable only by ovirt > > > usage. > > > 3. We drop the java specific reversible encryption in favor of plain > > > text. > > > > > > Thoughts? > > > > I see no problem in the .pgpass , only root can access it (it has 0600 mode > > , > > if it doesn't it is ignored by PG) > > Apart from that , this is the standard way used by PG so why not using it , > > AFAIK this is considered safe & secured > > In another words you are for storing password as plain text :) If the file is protected , I don't mind that the password is in plain text... > > > > > > > > Alon > > > > > > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
On Tue, Apr 30, 2013 at 03:41:20PM -0400, Alon Bar-Lev wrote: > Hello, > > Currently we store database password encrypted using > org.picketbox.datasource.security.SecureIdentityLoginModule. > > This is reverse encryption with common knowledge shared secret. > > Using encryption with common knowledge shared secret is close to void > protection. > > So far we also stored the password as plain text at > /etc/ovirt-engine/.pgpass, this is going to be removed as no component > actually uses the .pgpass, however we do need to store non-java specific > password in for utilities. > > In master (aiming to 3.3), we store the database connection details in own > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt > user and not world readable. > > I would like to use the same 50-setup-database.conf to store plain text > password and remove the java specific reversible encrypted password usage. > > Bottom line... > 1. We drop the .pgpass file. > 2. We store database connection information in > /etc/ovirt-engine/engine.conf.d/ that is readable only by ovirt usage. > 3. We drop the java specific reversible encryption in favor of plain text. > +1. Obfuscating passwords only gives a false sense of security. However, many applications, such Firefox in its signons.sqlite, do that to avoid revealing the password during a casual browse of the filesystem. ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Liran Zelkha" > To: "Eli Mesika" > Cc: "Alon Bar-Lev" , "Juan Hernandez" > , "engine-devel" > > Sent: Wednesday, May 1, 2013 8:34:18 AM > Subject: Re: [Engine-devel] Dropping encryption of database password > > Why not do use the same technology like JBoss DataSource password > encryption? > http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypting_Data_Source_Passwords.html As I wrote: 1. Out project is not java specific, we need to access the database in other tools as well, example: python. 2. Reversible encryption is a total void, what benefit is there to encrypt password which can be decrypted by anyone? 3. We currently store the same password at two files, one which is .pgpass as plain text and another is at the service configuration which is encrypted, what is the benefit in this duplication? Thanks! Alon > > On Wed, May 1, 2013 at 3:45 AM, Eli Mesika wrote: > > > > > > > - Original Message - > > > From: "Alon Bar-Lev" > > > To: "engine-devel" > > > Cc: "Yair Zaslavsky" , "Eli Mesika" < > > emes...@redhat.com>, "Juan Hernandez" > > > Sent: Tuesday, April 30, 2013 10:41:20 PM > > > Subject: Dropping encryption of database password > > > > > > Hello, > > > > > > Currently we store database password encrypted using > > > org.picketbox.datasource.security.SecureIdentityLoginModule. > > > > > > This is reverse encryption with common knowledge shared secret. > > > > > > Using encryption with common knowledge shared secret is close to void > > > protection. > > > > > > So far we also stored the password as plain text at > > > /etc/ovirt-engine/.pgpass, this is going to be removed as no component > > > actually uses the .pgpass, however we do need to store non-java specific > > > password in for utilities. > > > > > > In master (aiming to 3.3), we store the database connection details in > > own > > > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by > > ovirt > > > user and not world readable. > > > > > > I would like to use the same 50-setup-database.conf to store plain text > > > password and remove the java specific reversible encrypted password > > usage. > > > > > > Bottom line... > > > 1. We drop the .pgpass file. > > > 2. We store database connection information in > > > /etc/ovirt-engine/engine.conf.d/ that is readable only by ovirt > > usage. > > > 3. We drop the java specific reversible encryption in favor of plain > > text. > > > > > > Thoughts? > > > > I see no problem in the .pgpass , only root can access it (it has 0600 > > mode , if it doesn't it is ignored by PG) > > Apart from that , this is the standard way used by PG so why not using it > > , AFAIK this is considered safe & secured > > > > > > > Alon > > > > > ___ > > Engine-devel mailing list > > Engine-devel@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Eli Mesika" > To: "Alon Bar-Lev" > Cc: "engine-devel" , "Yair Zaslavsky" > , "Juan Hernandez" > > Sent: Wednesday, May 1, 2013 3:45:06 AM > Subject: Re: Dropping encryption of database password > > > > - Original Message - > > From: "Alon Bar-Lev" > > To: "engine-devel" > > Cc: "Yair Zaslavsky" , "Eli Mesika" > > , "Juan Hernandez" > > Sent: Tuesday, April 30, 2013 10:41:20 PM > > Subject: Dropping encryption of database password > > > > Hello, > > > > Currently we store database password encrypted using > > org.picketbox.datasource.security.SecureIdentityLoginModule. > > > > This is reverse encryption with common knowledge shared secret. > > > > Using encryption with common knowledge shared secret is close to void > > protection. > > > > So far we also stored the password as plain text at > > /etc/ovirt-engine/.pgpass, this is going to be removed as no component > > actually uses the .pgpass, however we do need to store non-java specific > > password in for utilities. > > > > In master (aiming to 3.3), we store the database connection details in own > > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt > > user and not world readable. > > > > I would like to use the same 50-setup-database.conf to store plain text > > password and remove the java specific reversible encrypted password usage. > > > > Bottom line... > > 1. We drop the .pgpass file. > > 2. We store database connection information in > > /etc/ovirt-engine/engine.conf.d/ that is readable only by ovirt > > usage. > > 3. We drop the java specific reversible encryption in favor of plain text. > > > > Thoughts? > > I see no problem in the .pgpass , only root can access it (it has 0600 mode , > if it doesn't it is ignored by PG) > Apart from that , this is the standard way used by PG so why not using it , > AFAIK this is considered safe & secured In another words you are for storing password as plain text :) > > > > Alon > > > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
Why not do use the same technology like JBoss DataSource password encryption? http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypting_Data_Source_Passwords.html On Wed, May 1, 2013 at 3:45 AM, Eli Mesika wrote: > > > - Original Message - > > From: "Alon Bar-Lev" > > To: "engine-devel" > > Cc: "Yair Zaslavsky" , "Eli Mesika" < > emes...@redhat.com>, "Juan Hernandez" > > Sent: Tuesday, April 30, 2013 10:41:20 PM > > Subject: Dropping encryption of database password > > > > Hello, > > > > Currently we store database password encrypted using > > org.picketbox.datasource.security.SecureIdentityLoginModule. > > > > This is reverse encryption with common knowledge shared secret. > > > > Using encryption with common knowledge shared secret is close to void > > protection. > > > > So far we also stored the password as plain text at > > /etc/ovirt-engine/.pgpass, this is going to be removed as no component > > actually uses the .pgpass, however we do need to store non-java specific > > password in for utilities. > > > > In master (aiming to 3.3), we store the database connection details in > own > > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by > ovirt > > user and not world readable. > > > > I would like to use the same 50-setup-database.conf to store plain text > > password and remove the java specific reversible encrypted password > usage. > > > > Bottom line... > > 1. We drop the .pgpass file. > > 2. We store database connection information in > > /etc/ovirt-engine/engine.conf.d/ that is readable only by ovirt > usage. > > 3. We drop the java specific reversible encryption in favor of plain > text. > > > > Thoughts? > > I see no problem in the .pgpass , only root can access it (it has 0600 > mode , if it doesn't it is ignored by PG) > Apart from that , this is the standard way used by PG so why not using it > , AFAIK this is considered safe & secured > > > > Alon > > > ___ > Engine-devel mailing list > Engine-devel@ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
Re: [Engine-devel] Dropping encryption of database password
- Original Message - > From: "Alon Bar-Lev" > To: "engine-devel" > Cc: "Yair Zaslavsky" , "Eli Mesika" > , "Juan Hernandez" > Sent: Tuesday, April 30, 2013 10:41:20 PM > Subject: Dropping encryption of database password > > Hello, > > Currently we store database password encrypted using > org.picketbox.datasource.security.SecureIdentityLoginModule. > > This is reverse encryption with common knowledge shared secret. > > Using encryption with common knowledge shared secret is close to void > protection. > > So far we also stored the password as plain text at > /etc/ovirt-engine/.pgpass, this is going to be removed as no component > actually uses the .pgpass, however we do need to store non-java specific > password in for utilities. > > In master (aiming to 3.3), we store the database connection details in own > file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt > user and not world readable. > > I would like to use the same 50-setup-database.conf to store plain text > password and remove the java specific reversible encrypted password usage. > > Bottom line... > 1. We drop the .pgpass file. > 2. We store database connection information in > /etc/ovirt-engine/engine.conf.d/ that is readable only by ovirt usage. > 3. We drop the java specific reversible encryption in favor of plain text. > > Thoughts? I see no problem in the .pgpass , only root can access it (it has 0600 mode , if it doesn't it is ignored by PG) Apart from that , this is the standard way used by PG so why not using it , AFAIK this is considered safe & secured > Alon > ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
[Engine-devel] Dropping encryption of database password
Hello, Currently we store database password encrypted using org.picketbox.datasource.security.SecureIdentityLoginModule. This is reverse encryption with common knowledge shared secret. Using encryption with common knowledge shared secret is close to void protection. So far we also stored the password as plain text at /etc/ovirt-engine/.pgpass, this is going to be removed as no component actually uses the .pgpass, however we do need to store non-java specific password in for utilities. In master (aiming to 3.3), we store the database connection details in own file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt user and not world readable. I would like to use the same 50-setup-database.conf to store plain text password and remove the java specific reversible encrypted password usage. Bottom line... 1. We drop the .pgpass file. 2. We store database connection information in /etc/ovirt-engine/engine.conf.d/ that is readable only by ovirt usage. 3. We drop the java specific reversible encryption in favor of plain text. Thoughts? Alon ___ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel