- My App looks bad since it requires to store password in clear-text in a
file. This is more of client requirement; they do not want any password to be stored in clear-text.
<snip> 2. Accidentally doing a cat even by root will make the password visible.
You don't need to keep the password in clear text. Encode it in Base64 and keep it in the configuration file. This will solve the problem of accidental viewing by some less tech savvy support personnel. But still it doesn't secure your password. If someone sees and remembers or notes down the encoded string, the original password can be retrieved from it easily. You can also encrypt the password with a key. Then hard code the key in the application itself. This will solve above problem as key can't be retrieved without doing a detailed analysis of your app. There are ways to embed the key text in an executable so that it won't turn up in the output of "strings" command.
Since MySQL requires password to be supplied in clear text, your application needs to keep it somewhere. Anyway none of the methods mentioned above guarantees hundred percent security.
- If you send across the system info to support to troubleshoot my App,
this file maybe included. Customer passwords will be exposed to support guys. (I know customer can remove the password line and send across the file, but again its about convenience)
The best practice is to keep sensitive data in a separate configuration file and don't keep it in the application base directory. For example if your application is installed in /user/local/myapp, the file with password should be kept in /etc/myapp.conf or something. So archiving the application base won't include this file.
I know root can access almost any file and cause damage/modify, but that is something I am not worried about. The idea is to not keep it ridiculously easy for someone to crack.
Then above mentioned methods should be good enough.
Raghu
-
Raghu Prasad