1. My App looks bad since it requires to store
password in clear-text in a
file. This is more of client requirement; they do not want any password to
be stored in clear-text.
2. Accidentally doing a cat even by root will make the password visible.
You don't need to keep the password in clear text. Encode it in Base64
and keep it in the configuration file. This will solve the problem of accidental
viewing by some less tech savvy support personnel. But still it doesn't
secure your password. If someone sees and remembers or notes down
the encoded string, the original password can be retrieved from it easily.
You can also encrypt the password with a key. Then hard code the key
in the application itself. This will solve above problem as key can't be
retrieved without doing a detailed analysis of your app. There are ways
to embed the key text in an executable so that it won't turn up in the
output of "strings" command.
Since MySQL requires password to be supplied in clear text, your
application needs to keep it somewhere. Anyway none of the methods
mentioned above guarantees hundred percent security.
3. If you send across the system info to support to
troubleshoot my App,
this file maybe included. Customer passwords will be exposed to support
guys. (I know customer can remove the password line and send across the
file, but again its about convenience)
The best practice is to keep sensitive data in a separate configuration file
and don't keep it in the application base directory. For example if
is installed in /user/local/myapp, the file with password should be kept in
/etc/myapp.conf or something. So archiving the application base won't include
I know root can access almost any file and cause
damage/modify, but that is
something I am not worried about. The idea is to not keep it ridiculously
easy for someone to crack.
Then above mentioned methods should be good enough.