Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
This is a common problem and there are some common guidelines that allow you to run your program almost anywhere.

Store your passwords in an external file. The passwords must be encrypted using at least 1024 bit encryption with some sort of salt. AES is probably your best bet. The file must be readable *only* by the administrator. Do NOT roll your own encryption, use openssl.

> Related to my previous database questions...
>
> Normally I think of a program as trusting itself, having some integrity,
> maybe not even having gaping bugs or security holes. But what if the
> program I am writing is talking to another, such as Postgres? Postgres
> has the ability to do passwords, so do I just put a password in my
> program source? Set Postgres to only accept local connections, and hope
> for the best? Seems wrong. Do I try to put both in a chroot or something?
>
> My program already has to hope that its program files are secured by the
> hosting OS, but at least if it isn't opening up a network port it stays
> a rather contained problem.
>
> (I want multiple programs talking to the database, so no, I can't just
> link in Sqlite.)
>
> Seems a general problem of securing interprocess communications.
>
> Thoughts?
>
> Thanks,
>
> -kb, the Kent who knows that people Google for passwords, search github
> for passwords, and get a lot of juicy results.

___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
> From: Kent Borg [mailto:kentb...@borg.org]
>
> On 01/31/2015 06:03 PM, Edward Ned Harvey (blu) wrote:
> > Depends on a lot of stuff. What language? Running on a system you own,
> > or deployed to someone else, etc?
>
> Daemons, written in Python, on a machine I fully control.

The best you can do is put the passwords into a config file with locked-down permissions. Make sure the passwords are randomly generated, and securely communicated with the server - SSL or whatever.

Although it doesn't provide real security, it does no harm to use some obfuscation - Encrypt with a key that's hard-coded into the application.
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
On 1/31/2015 6:25 PM, Kent Borg wrote:
> Daemons, written in Python, on a machine I fully control.

If you fully control it then you don't need authentication.

> Because this is only used to communicate within the machine, no one else
> cares whether it changes. A file with narrow permissions is safer than
> trusting "localhost" restrictions.

Not really. For example, attacker exploits a vulnerability to briefly acquire root shell access. Attacker uses this to do two things: read the password and run "chattr +i ${file}". Now your attacker has the current password and has taken a step to prevent it from being changed.

--
Rich P.
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
On 01/31/2015 06:30 PM, Gordon Marx wrote:
> None of that matters.

Huh?

> Code goes in version control. Secrets that you want to keep secret don't.
> Therefore, you can't put secrets into your code.

Yes, that's why I brought up the question. We agree.

> Write the username and password into a configuration file,

That is my current approach.

> get the username and password from the environment, or use a non-password
> auth mechanism like an SSL certificate.

Even more non-standard, make up a new one every time the OS boots, set the postgres password then, too.

Because this is only used to communicate within the machine, no one else cares whether it changes. A file with narrow permissions is safer than trusting "localhost" restrictions.

-kb
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
None of that matters.

Code goes in version control. Secrets that you want to keep secret don't. Therefore, you can't put secrets into your code.

Write the username and password into a configuration file, get the username and password from the environment, or use a non-password auth mechanism like an SSL certificate.

Sent from my iPhone

> On Jan 31, 2015, at 6:25 PM, Kent Borg wrote:
>
>> On 01/31/2015 06:03 PM, Edward Ned Harvey (blu) wrote:
>> Depends on a lot of stuff. What language? Running on a system you own, or
>> deployed to someone else, etc?
>
> Daemons, written in Python, on a machine I fully control.
>
> -kb
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
On 01/31/2015 06:03 PM, Edward Ned Harvey (blu) wrote:
> Depends on a lot of stuff. What language? Running on a system you own,
> or deployed to someone else, etc?

Daemons, written in Python, on a machine I fully control.

-kb
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
> Behalf Of Kent Borg
>
> My program already has to hope that its program files are secured by the
> hosting OS, but at least if it isn't opening up a network port it stays
> a rather contained problem.

Depends on a lot of stuff. What language? Running on a system you own, or deployed to someone else, etc?

Normally, passwords that your app needs in order to connect to some other thing should be stored in a config file. Ideally, it should be an OS-encrypted store, for example in C# I would use ProtectedData. This encrypts the file on disk using a complex set of login stuff to derive a key specific to the logged in user - or in mono, the mono MRE generates random keys and stores them in a protected subdir in the users' home dir, so once again it's protected to the logged in user.
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
On 1/31/2015 1:53 PM, Kent Borg wrote:
> How about this: Give every boot, of every box running the code, its own
> unique password.

If Postgres reads the random password before the password randomizer finishes then Postgres will have the previous boot's password or an incomplete password from a partially-written file. Nothing can authenticate as a result.

You could embed the randomizer in the Postgres startup code so it runs sequentially but now you have another piece of code that you have to maintain.

If at a later date you have to split the database engine and the application between different servers then the whole thing falls apart and you're back to square 1.

So no, not really as simple as it might seem at first.

Put the effort into implementing a standard, secure authentication system instead of a hack. It's more work up front but it avoids on-going hassles over the life of the system. Use your existing authentication infrastructure if you have one and let whoever runs it deal with key management. That's their job.

--
Rich P.
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
All I am doing is connecting the server with the client code, on the same machine. I don't care what the password is, only that the two agree, on any given box.

How about this: Give every boot, of every box running the code, its own unique password.

At every boot, create a new password in a boot script (read a UUID out of /proc/sys/kernel/random/uuid). Give it to Postgres and put it in a config file with reasonable ownership restrictions appropriate to be read by the client code.

Seems pretty simple.

-kb

P.S. Also turn off all but loopback access to the server process.
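An added example, not part of any message in this thread: one way a Python daemon could handle the per-boot credential file proposed above while avoiding the partially-written-file problem raised in the reply to it. It assumes a single service account both writes and reads the file, uses Python's `secrets` module in place of the `/proc/sys/kernel/random/uuid` read, and all function names are hypothetical.

```python
import os
import secrets
import stat
import tempfile


def new_boot_password() -> str:
    """Fresh random password (stand-in for reading the kernel's random UUID)."""
    return secrets.token_urlsafe(32)


def write_secret_atomically(path: str, secret: str) -> None:
    """Readers see the old file or the complete new one, never a partial write."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600; the same directory keeps the
    # rename on one filesystem, which is what makes os.replace atomic.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".secret-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(secret + "\n")
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def read_secret(path: str) -> str:
    """Return the secret; refuse symlinks, foreign owners and loose modes."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the opened file, not the path, to avoid races
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by this user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: group/other permission bits set")
        with os.fdopen(fd, "r") as fh:
            fd = -1  # the file object now owns the descriptor
            return fh.read().strip()
    finally:
        if fd != -1:
            os.close(fd)
```

Narrow permissions do not help against an attacker who already has root, which is the limitation pointed out elsewhere in the thread.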
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Rather than password authentication you should look at other mechanisms like SSH's public key authentication or Kerberos keytabs.

What's probably better is to use a role-based access control mechanism where only processes with the requisite roles can access the secure system.

--
Rich P.
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Set up postgres to only allow connections from the loopback. Put the db credentials in a file, then rely on file-system permissions and/or SELinux to prevent access to that file from other processes on the system.

This is the sort of thing SELinux is really designed for.

Matt

On 1/31/2015 10:56 AM, Eric Chadbourne wrote:
> FWIW, in PHP you often put the PostgreSQL user credentials in the code.
> Usually a config file somewhere. You can also place sensitive files outside
> of your web root with proper permissions. If all running on a local box I
> don’t open the ports or set the db config to allow other connections. It
> seems reasonably secure.
>
> I am curious as to what others do.
>
> The PostgreSQL docs have a ton of great info.
>
> - Eric
>
>> On Jan 31, 2015, at 10:28 AM, Kent Borg wrote:
>>
>> Related to my previous database questions...
>>
>> Normally I think of a program as trusting itself, having some integrity,
>> maybe not even having gaping bugs or security holes. But what if the
>> program I am writing is talking to another, such as Postgres? Postgres has
>> the ability to do passwords, so do I just put a password in my program
>> source? Set Postgres to only accept local connections, and hope for the
>> best? Seems wrong. Do I try to put both in a chroot or something?
>>
>> My program already has to hope that its program files are secured by the
>> hosting OS, but at least if it isn't opening up a network port it stays a
>> rather contained problem.
>>
>> (I want multiple programs talking to the database, so no, I can't just link
>> in Sqlite.)
>>
>> Seems a general problem of securing interprocess communications.
>>
>> Thoughts?
>>
>> Thanks,
>>
>> -kb, the Kent who knows that people Google for passwords, search github for
>> passwords, and get a lot of juicy results.
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
FWIW, in PHP you often put the PostgreSQL user credentials in the code. Usually a config file somewhere. You can also place sensitive files outside of your web root with proper permissions. If all running on a local box I don’t open the ports or set the db config to allow other connections. It seems reasonably secure.

I am curious as to what others do.

The PostgreSQL docs have a ton of great info.

- Eric

> On Jan 31, 2015, at 10:28 AM, Kent Borg wrote:
>
> Related to my previous database questions...
>
> Normally I think of a program as trusting itself, having some integrity,
> maybe not even having gaping bugs or security holes. But what if the
> program I am writing is talking to another, such as Postgres? Postgres has
> the ability to do passwords, so do I just put a password in my program
> source? Set Postgres to only accept local connections, and hope for the best?
> Seems wrong. Do I try to put both in a chroot or something?
>
> My program already has to hope that its program files are secured by the
> hosting OS, but at least if it isn't opening up a network port it stays a
> rather contained problem.
>
> (I want multiple programs talking to the database, so no, I can't just link
> in Sqlite.)
>
> Seems a general problem of securing interprocess communications.
>
> Thoughts?
>
> Thanks,
>
> -kb, the Kent who knows that people Google for passwords, search github for
> passwords, and get a lot of juicy results.
[Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Related to my previous database questions...

Normally I think of a program as trusting itself, having some integrity, maybe not even having gaping bugs or security holes. But what if the program I am writing is talking to another, such as Postgres? Postgres has the ability to do passwords, so do I just put a password in my program source? Set Postgres to only accept local connections, and hope for the best? Seems wrong. Do I try to put both in a chroot or something?

My program already has to hope that its program files are secured by the hosting OS, but at least if it isn't opening up a network port it stays a rather contained problem.

(I want multiple programs talking to the database, so no, I can't just link in Sqlite.)

Seems a general problem of securing interprocess communications.

Thoughts?

Thanks,

-kb, the Kent who knows that people Google for passwords, search github for passwords, and get a lot of juicy results.