My company doesn't allow plaintext passwords in config files either.

On Friday, August 23, 2013, Ralph Goers wrote:
> I worked in an environment like Kurt's. Passwords simply were not allowed
> in clear text in config files. I still think a plugin is the right way to
> handle that.
>
> Ralph
>
> On Aug 22, 2013, at 11:55 AM, Nick Williams <[email protected]> wrote:
>
> This is what file permissions are for. The file should be protected so
> that only those who are authorized may view it. For example, on a Linux
> machine it may be 0400 where the user is the account that the application
> runs under. Then only the application and root can view the file.
>
> N
>
> On Aug 22, 2013, at 1:32 PM, Kurt Lehrke wrote:
>
> I believe there's a small oversight in the idea that if someone has access
> to your box, that it's game over.
>
> Think about a situation where a company may have a box with administrators
> and users. They may still want levels of security. For example, say you
> have a JDBCAppender that has a user name and password in their log4j2
> configuration. The administrator may have access to their application and
> the database, but a user may only need access to the box. Therefore,
> having the user name and password hashed in the configuration file would
> ensure that a user (non-admin) on the system can't get to the database.
> This is an interesting challenge since the password hash would have to be a
> symmetric algorithm. It's still merely only a light level of security
> since anyone with bad intent could still figure out the decryption by
> looking at the encryption algorithm.
>
> In my experience (supply chain development), some companies are pretty
> strict on having any password left in plain text, even if it is just for
> logging.
>
> Just a thought.
>
> Thanks,
> Kurt
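Nick's file-permission rule and Kurt's JDBCAppender example, turned into a small audit as an added illustration (not code from this thread or from log4j2): it flags password attributes stored literally in a log4j2-style config and checks that the file is 0400 and owned by the application's uid. The sample configuration, and the JDBC appender's child element and attribute names in it, are constructed for this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed log4j2-style configuration for this example (not from the
# thread); the JDBC appender's child element and attribute names are assumed.
SAMPLE_CONFIG = """<Configuration status="warn">
  <Appenders>
    <JDBC name="db" tableName="app_log">
      <ConnectionSource url="jdbc:postgresql://db/app"
                        user="app" password="hunter2"/>
    </JDBC>
    <Console name="stdout"/>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="db"/></Root></Loggers>
</Configuration>"""

def find_plaintext_passwords(xml_text):
    """Return 'Tag@attr' for every attribute whose name looks like a password."""
    hits = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            name = attr.lower()
            # A lookup such as ${sys:...} defers the value to a plugin or the
            # environment, the alternative Ralph favours; those are not literals.
            if ("password" in name or "passwd" in name) and not value.startswith("${"):
                hits.append(f"{elem.tag}@{attr}")
    return hits

def permission_issues(mode, owner_uid, app_uid):
    """Check a file's mode and owner against Nick's 0400-owned-by-the-app rule."""
    issues = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"group/other bits set: {stat.S_IMODE(mode):04o}")
    if mode & stat.S_IWUSR:
        issues.append("writable by owner (expected read-only 0400)")
    if owner_uid != app_uid:
        issues.append(f"owned by uid {owner_uid}, expected {app_uid}")
    return issues

def audit_file(path, app_uid):
    """Audit a config on disk: what secrets it holds and how it is protected."""
    with open(path, encoding="utf-8") as fh:
        secrets = find_plaintext_passwords(fh.read())
    st = os.stat(path)
    return {"plaintext_passwords": secrets,
            "permission_issues": permission_issues(st.st_mode, st.st_uid, app_uid)}
```

Run `audit_file("/path/to/log4j2.xml", app_uid)` as the application's user to get both findings in one report; an empty list for both is the state Nick describes.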
