Re: [Engine-devel] Dropping encryption of database password

2013-05-06 Thread Keith Robertson

On 05/05/2013 03:17 AM, Alon Bar-Lev wrote:

I am going to drop the .pgpass file in favor of another configuration file and 
produce .pgpass at will.
This is because:
1. The proprietary format of .pgpass is not friendly to parsing.

Ack.  Please remove this for a key/value solution.
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel
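
Added example (not part of the thread and not oVirt code): one way a Python utility could follow the approach discussed here, reading credentials from an owner-only key=value file and producing a .pgpass on demand. The key names (DB_HOST and so on), the double-quote handling and all function names are assumptions; the group/other permission test mirrors the rule libpq applies to .pgpass.

```python
import os
import stat
import tempfile

# Field order of a .pgpass line: hostname:port:database:username:password.
# The key names are assumptions made for this example.
PGPASS_KEYS = ("DB_HOST", "DB_PORT", "DB_DATABASE", "DB_USER", "DB_PASSWORD")

# Constructed sample input; the password contains both characters that
# .pgpass requires to be escaped (':' and '\').
SAMPLE_CONF = r'''# constructed sample, not a real configuration
DB_HOST=localhost
DB_PORT=5432
DB_DATABASE=engine
DB_USER=engine
DB_PASSWORD="s3cr:t\pw"
'''


class InsecureConfigError(Exception):
    """The credentials file is accessible to more than its owner."""


def check_private(st, name, expected_uid=None):
    """Reject a file with any group/other permission bit set (the condition
    under which libpq ignores a .pgpass), or with an unexpected owner."""
    if not stat.S_ISREG(st.st_mode):
        raise InsecureConfigError(f"{name}: not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        raise InsecureConfigError(f"{name}: mode {mode:04o} is wider than 0600")
    if expected_uid is not None and st.st_uid != expected_uid:
        raise InsecureConfigError(f"{name}: owned by uid {st.st_uid}")


def parse_key_value(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    conf = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # later '=' stay in the value
        if not sep:
            raise ValueError(f"line {lineno}: expected KEY=VALUE")
        value = value.strip()
        # Assumption: a value may be wrapped in one pair of double quotes.
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        conf[key.strip()] = value
    return conf


def pgpass_escape(field):
    """Escape one .pgpass field: backslashes first, then the ':' separator."""
    return field.replace("\\", "\\\\").replace(":", "\\:")


def pgpass_line(conf):
    """Build the single .pgpass line for the parsed configuration."""
    missing = [k for k in PGPASS_KEYS if k not in conf]
    if missing:
        raise ValueError("missing keys: " + ", ".join(missing))
    return ":".join(pgpass_escape(conf[k]) for k in PGPASS_KEYS)


def write_pgpass(conf_path, out_dir, expected_uid=None):
    """Validate conf_path, then write a one-line .pgpass into out_dir."""
    with open(conf_path, encoding="utf-8") as fh:
        # fstat the open descriptor so the check and the read see the same file.
        check_private(os.fstat(fh.fileno()), conf_path, expected_uid)
        conf = parse_key_value(fh.read())
    # mkstemp creates the file exclusively, readable and writable by owner only.
    fd, path = tempfile.mkstemp(prefix="pgpass.", dir=out_dir)
    with os.fdopen(fd, "w", encoding="utf-8") as out:
        out.write(pgpass_line(conf) + "\n")
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        conf_path = os.path.join(tmp, "50-setup-database.conf")
        with open(conf_path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_CONF)
        os.chmod(conf_path, 0o600)
        pgpass = write_pgpass(conf_path, tmp, expected_uid=os.getuid())
        # A caller would point libpq at this file through PGPASSFILE.
        with open(pgpass, encoding="utf-8") as fh:
            print(fh.read(), end="")
```

The generated file is meant to be short-lived: the caller sets PGPASSFILE to the returned path for the duration of the tool run and deletes the file afterwards.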


Re: [Engine-devel] Dropping encryption of database password

2013-05-05 Thread Eli Mesika


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: Keith Robertson krobe...@redhat.com
 Cc: Juan Hernandez jhern...@redhat.com, engine-devel 
 engine-devel@ovirt.org, pmatouse pmato...@redhat.com
 Sent: Wednesday, May 1, 2013 9:40:13 PM
 Subject: Re: [Engine-devel] Dropping encryption of database password
 
 
 
 - Original Message -
  From: Keith Robertson krobe...@redhat.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: Josh Bressers bress...@redhat.com, Juan Hernandez
  jhern...@redhat.com, engine-devel
  engine-devel@ovirt.org, pmatouse pmato...@redhat.com, Sandro
  Bonazzola sbona...@redhat.com
  Sent: Wednesday, May 1, 2013 9:31:15 PM
  Subject: Re: [Engine-devel] Dropping encryption of database password
  
  On 05/01/2013 02:16 PM, Alon Bar-Lev wrote:
   Thank you.
   This is what I wrote in my initial post.
   The only users who should access this password is ovirt user and root
   user.
  
   Regards,
   Alon Bar-Lev.
  
   
  Alon,
  I agree with the desire to store the PW in plaintext and in a
  non-obfuscated manner.  In this case, obfuscation really doesn't gain
  anything.
  
  I would suggest; however, that the migration to plaintext be coordinated
  with a simultaneous patch to the the Log Collector.  It does have a
  dependency on the current architecture.
  
  Keith
  
 
 Hi,
 
 As far as I know it reads the plain text from .pgpass, we need to modify it
 to search within the alternate format as well.

We are using the original .pgpass file that is in 0600 mode (only root has 
access).
If the file does not have this mode, it is ignored by Postgres.
I see no security issue in that...

Please see details in
http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html



 
 Thanks,
 Alon


Re: [Engine-devel] Dropping encryption of database password

2013-05-05 Thread Alon Bar-Lev


- Original Message -
 From: Eli Mesika emes...@redhat.com
 To: Keith Robertson krobe...@redhat.com, Alon Bar-Lev 
 alo...@redhat.com, Juan Hernandez
 jhern...@redhat.com
 Cc: engine-devel engine-devel@ovirt.org, pmatouse pmato...@redhat.com
 Sent: Sunday, May 5, 2013 10:13:59 AM
 Subject: Re: [Engine-devel] Dropping encryption of database password
 
 
 
 - Original Message -
  From: Alon Bar-Lev alo...@redhat.com
  To: Keith Robertson krobe...@redhat.com
  Cc: Juan Hernandez jhern...@redhat.com, engine-devel
  engine-devel@ovirt.org, pmatouse pmato...@redhat.com
  Sent: Wednesday, May 1, 2013 9:40:13 PM
  Subject: Re: [Engine-devel] Dropping encryption of database password
  
  
  
  - Original Message -
   From: Keith Robertson krobe...@redhat.com
   To: Alon Bar-Lev alo...@redhat.com
   Cc: Josh Bressers bress...@redhat.com, Juan Hernandez
   jhern...@redhat.com, engine-devel
   engine-devel@ovirt.org, pmatouse pmato...@redhat.com, Sandro
   Bonazzola sbona...@redhat.com
   Sent: Wednesday, May 1, 2013 9:31:15 PM
   Subject: Re: [Engine-devel] Dropping encryption of database password
   
   On 05/01/2013 02:16 PM, Alon Bar-Lev wrote:
Thank you.
This is what I wrote in my initial post.
The only users who should access this password is ovirt user and root
user.
   
Regards,
Alon Bar-Lev.
   

   Alon,
   I agree with the desire to store the PW in plaintext and in a
   non-obfuscated manner.  In this case, obfuscation really doesn't gain
   anything.
   
   I would suggest; however, that the migration to plaintext be coordinated
   with a simultaneous patch to the the Log Collector.  It does have a
   dependency on the current architecture.
   
   Keith
   
  
  Hi,
  
  As far as I know it reads the plain text from .pgpass, we need to modify it
  to search within the alternate format as well.
 
 We are using the original .pgpass file that is in 0600 mode ( have access
 only to root)
 If the file does not have this mode , it is ignored by Postgres
 I see no security issue in that ...
 
 Please see details in
 http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html

I am going to drop the .pgpass file in favor of another configuration file and 
produce .pgpass at will.
This is because:
1. The proprietary format of .pgpass is not friendly to parsing.
2. It does not hold the SSL setting.
3. It does not hold the SSL host validation setting.
4. It will be more difficult to modify the user password.

This file is also 0600 owned by engine but in key=value format, so no change as 
far as security is concerned.

Thanks!
Alon.

 
 
 
  
  Thanks,
  Alon


Re: [Engine-devel] Dropping encryption of database password

2013-05-05 Thread Eli Mesika


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: Eli Mesika emes...@redhat.com
 Cc: Keith Robertson krobe...@redhat.com, Juan Hernandez 
 jhern...@redhat.com, engine-devel
 engine-devel@ovirt.org, pmatouse pmato...@redhat.com
 Sent: Sunday, May 5, 2013 10:17:28 AM
 Subject: Re: [Engine-devel] Dropping encryption of database password
 
 
 
 - Original Message -
  From: Eli Mesika emes...@redhat.com
  To: Keith Robertson krobe...@redhat.com, Alon Bar-Lev
  alo...@redhat.com, Juan Hernandez
  jhern...@redhat.com
  Cc: engine-devel engine-devel@ovirt.org, pmatouse
  pmato...@redhat.com
  Sent: Sunday, May 5, 2013 10:13:59 AM
  Subject: Re: [Engine-devel] Dropping encryption of database password
  
  
  
  - Original Message -
   From: Alon Bar-Lev alo...@redhat.com
   To: Keith Robertson krobe...@redhat.com
   Cc: Juan Hernandez jhern...@redhat.com, engine-devel
   engine-devel@ovirt.org, pmatouse pmato...@redhat.com
   Sent: Wednesday, May 1, 2013 9:40:13 PM
   Subject: Re: [Engine-devel] Dropping encryption of database password
   
   
   
   - Original Message -
From: Keith Robertson krobe...@redhat.com
To: Alon Bar-Lev alo...@redhat.com
Cc: Josh Bressers bress...@redhat.com, Juan Hernandez
jhern...@redhat.com, engine-devel
engine-devel@ovirt.org, pmatouse pmato...@redhat.com, Sandro
Bonazzola sbona...@redhat.com
Sent: Wednesday, May 1, 2013 9:31:15 PM
Subject: Re: [Engine-devel] Dropping encryption of database password

On 05/01/2013 02:16 PM, Alon Bar-Lev wrote:
 Thank you.
 This is what I wrote in my initial post.
 The only users who should access this password is ovirt user and root
 user.

 Regards,
 Alon Bar-Lev.

 
Alon,
I agree with the desire to store the PW in plaintext and in a
non-obfuscated manner.  In this case, obfuscation really doesn't gain
anything.

I would suggest; however, that the migration to plaintext be
coordinated
with a simultaneous patch to the the Log Collector.  It does have a
dependency on the current architecture.

Keith

   
   Hi,
   
   As far as I know it reads the plain text from .pgpass, we need to modify
   it
   to search within the alternate format as well.
  
  We are using the original .pgpass file that is in 0600 mode ( have access
  only to root)
  If the file does not have this mode , it is ignored by Postgres
  I see no security issue in that ...
  
  Please see details in
  http://www.postgresql.org/docs/9.0/static/libpq-pgpass.html
 
 I am going to drop the .pgpass file in favor of other configuration file and
 produce .pgpass on will.
 This is because:
 1. The proprietary format of .pgpass is not friendly to parsing.
 2. It does not hold the SSL setting.
 3. It does not hold the SSL host validation setting.
 4. It will be more difficult to modify user password.
 
 This file is also 0600 owned by engine but in key=value format, so no change
 as far as security is concerned.

That's OK from my point 

 
 Thanks!
 Alon.
 
  
  
  
   
   Thanks,
   Alon


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Dan Kenigsberg
On Tue, Apr 30, 2013 at 03:41:20PM -0400, Alon Bar-Lev wrote:
 Hello,
 
 Currently we store database password encrypted using 
 org.picketbox.datasource.security.SecureIdentityLoginModule.
 
 This is reverse encryption with common knowledge shared secret.
 
 Using encryption with common knowledge shared secret is close to void 
 protection.
 
 So far we also stored the password as plain text at 
 /etc/ovirt-engine/.pgpass, this is going to be removed as no component 
 actually uses the .pgpass, however we do need to store non-java specific 
 password in for utilities.
 
 In master (aiming to 3.3), we store the database connection details in own 
 file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt 
 user and not world readable.
 
 I would like to use the same 50-setup-database.conf to store plain text 
 password and remove the java specific reversible encrypted password usage.
 
 Bottom line...
 1. We drop the .pgpass file.
 2. We store database connection information in 
 /etc/ovirt-engine/engine.conf.d/file that is readable only by ovirt usage.
 3. We drop the java specific reversible encryption in favor of plain text.
 

+1.
Obfuscating passwords only gives a false sense of security.

However, many applications, such as Firefox in its signons.sqlite, do that
to avoid revealing the password during a casual browse of the
filesystem.


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Eli Mesika


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: Eli Mesika emes...@redhat.com
 Cc: engine-devel engine-devel@ovirt.org, Yair Zaslavsky 
 yzasl...@redhat.com, Juan Hernandez
 jhern...@redhat.com
 Sent: Wednesday, May 1, 2013 8:55:05 AM
 Subject: Re: Dropping encryption of database password
 
 
 
 - Original Message -
  From: Eli Mesika emes...@redhat.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: engine-devel engine-devel@ovirt.org, Yair Zaslavsky
  yzasl...@redhat.com, Juan Hernandez
  jhern...@redhat.com
  Sent: Wednesday, May 1, 2013 3:45:06 AM
  Subject: Re: Dropping encryption of database password
  
  
  
  - Original Message -
   From: Alon Bar-Lev alo...@redhat.com
   To: engine-devel engine-devel@ovirt.org
   Cc: Yair Zaslavsky yzasl...@redhat.com, Eli Mesika
   emes...@redhat.com, Juan Hernandez jhern...@redhat.com
   Sent: Tuesday, April 30, 2013 10:41:20 PM
   Subject: Dropping encryption of database password
   
   Hello,
   
   Currently we store database password encrypted using
   org.picketbox.datasource.security.SecureIdentityLoginModule.
   
   This is reverse encryption with common knowledge shared secret.
   
   Using encryption with common knowledge shared secret is close to void
   protection.
   
   So far we also stored the password as plain text at
   /etc/ovirt-engine/.pgpass, this is going to be removed as no component
   actually uses the .pgpass, however we do need to store non-java specific
   password in for utilities.
   
   In master (aiming to 3.3), we store the database connection details in
   own
   file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by
   ovirt
   user and not world readable.
   
   I would like to use the same 50-setup-database.conf to store plain text
   password and remove the java specific reversible encrypted password
   usage.
   
   Bottom line...
   1. We drop the .pgpass file.
   2. We store database connection information in
   /etc/ovirt-engine/engine.conf.d/file that is readable only by ovirt
   usage.
   3. We drop the java specific reversible encryption in favor of plain
   text.
   
   Thoughts?
  
  I see no problem in the .pgpass , only root can access it (it has 0600 mode
  ,
  if it doesn't it is ignored by PG)
  Apart from that , this is the standard way used by PG so why not using it ,
  AFAIK this is considered safe  secured
 
 In another words you are for storing password as plain text :)

If the file is protected, I don't mind that the password is in plain text...

 
  
  
   Alon
   
  
 


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Josh Bressers
  
  In another words you are for storing password as plain text :)
 
 If the file is protected , I don't mind that the password is in plain text...
 

Hi all,

Itamar pointed me at this thread. I'm part of the Red Hat Product Security
Team, we exist to help various projects and products with security needs
(such as advice in this instance).

I can't really comment on this without understanding some of the background
(sorry for not being up to speed, I don't have time to research this
today and I'm away tomorrow so my replies may be slow).

Can you explain to me what the passwords in question are used for?

Thanks.

-- 
Josh Bressers / Red Hat Product Security Team


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Alon Bar-Lev


- Original Message -
 From: Josh Bressers bress...@redhat.com
 To: Eli Mesika emes...@redhat.com
 Cc: Alon Bar-Lev alo...@redhat.com, Juan Hernandez 
 jhern...@redhat.com, engine-devel
 engine-devel@ovirt.org, pmatouse pmato...@redhat.com
 Sent: Wednesday, May 1, 2013 6:40:26 PM
 Subject: Re: [Engine-devel] Dropping encryption of database password
 
   
   In another words you are for storing password as plain text :)
  
  If the file is protected , I don't mind that the password is in plain
  text...
  
 
 Hi all,

Hello,
 
 Itamar pointed me at this thread. I'm part of the Red Hat Product Security
 Team, we exist to help various projects and products with security needs
 (such as advice in this instance).
 
 I can't really comment on this without understanding some of the background
 (sorry for not being up to speed, I don't have time to research this
 today and I'm away tomorrow so my replies may be slow).
 
 Can you explain to me what the passwords in question are used for?

The password of the user used to access the database.

Regards,
Alon

 
 Thanks.
 
 --
 Josh Bressers / Red Hat Product Security Team
 


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Josh Bressers
  

In another words you are for storing password as plain text :)
   
   If the file is protected , I don't mind that the password is in plain
   text...
   
  
  Hi all,
 
 Hello,
  
  Itamar pointed me at this thread. I'm part of the Red Hat Product Security
  Team, we exist to help various projects and products with security needs
  (such as advice in this instance).
  
  I can't really comment on this without understanding some of the background
  (sorry for not being up to speed, I don't have time to research this
  today and I'm away tomorrow so my replies may be slow).
  
  Can you explain to me what the passwords in question are used for?
 
 The password of the user used to access the database.
 

Ahh, so the subject is quite literal.

So in an instance like this it's not uncommon to store this password as
plaintext in a file. The important part is then to ensure that the file is
protected and can only be accessed on a need-to-know basis.

Using various scrambling techniques doesn't really provide any additional
security. Some claim it makes things worse as it provides a false sense of
security.

I would suggest you make a note about what processes and users can view or
modify this file and for what reasons. This should help identify things in
the future that should or shouldn't have this level of access.

Let me know if you have any questions.

Thanks.

-- 
Josh Bressers / Red Hat Product Security Team


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Alon Bar-Lev


- Original Message -
 From: Josh Bressers bress...@redhat.com
 To: Alon Bar-Lev alo...@redhat.com
 Cc: Eli Mesika emes...@redhat.com, Juan Hernandez 
 jhern...@redhat.com, engine-devel
 engine-devel@ovirt.org, pmatouse pmato...@redhat.com
 Sent: Wednesday, May 1, 2013 9:13:24 PM
 Subject: Re: [Engine-devel] Dropping encryption of database password
 
   
 
 In another words you are for storing password as plain text :)

If the file is protected , I don't mind that the password is in plain
text...

   
   Hi all,
  
  Hello,
   
   Itamar pointed me at this thread. I'm part of the Red Hat Product
   Security
   Team, we exist to help various projects and products with security needs
   (such as advice in this instance).
   
   I can't really comment on this without understanding some of the
   background
   (sorry for not being up to speed, I don't have time to research this
   today and I'm away tomorrow so my replies may be slow).
   
   Can you explain to me what the passwords in question are used for?
  
  The password of the user used to access the database.
  
 
 Ahh, so the subject is quite literal.
 
 So in an instance like this it's not uncommon to store this password as
 plaintext in a file. The important part is then to ensure that the file is
 protected and can only be accessed on a need-to-know basis.
 
 Using various scrambling techniques don't really provide any additional
 security. Some claim it makes things worse as it provides a false sense of
 security.
 
 I would suggest you make a note about what processes and users can view or
 modify this file and for what reasons. This should help identify things in
 the future that should or shouldn't have this level of access.
 
 Let me know if you have any questions.
 
 Thanks.

Thank you.
This is what I wrote in my initial post.
The only users who should access this password are the ovirt user and the root user.

Regards,
Alon Bar-Lev. 

 
 --
 Josh Bressers / Red Hat Product Security Team
 


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Keith Robertson

On 05/01/2013 02:16 PM, Alon Bar-Lev wrote:

Thank you.
This is what I wrote in my initial post.
The only users who should access this password is ovirt user and root user.

Regards,
Alon Bar-Lev.




Alon,
I agree with the desire to store the PW in plaintext and in a 
non-obfuscated manner.  In this case, obfuscation really doesn't gain 
anything.


I would suggest, however, that the migration to plaintext be coordinated 
with a simultaneous patch to the Log Collector.  It does have a 
dependency on the current architecture.


Keith


Re: [Engine-devel] Dropping encryption of database password

2013-05-01 Thread Alon Bar-Lev


- Original Message -
 From: Keith Robertson krobe...@redhat.com
 To: Alon Bar-Lev alo...@redhat.com
 Cc: Josh Bressers bress...@redhat.com, Juan Hernandez 
 jhern...@redhat.com, engine-devel
 engine-devel@ovirt.org, pmatouse pmato...@redhat.com, Sandro 
 Bonazzola sbona...@redhat.com
 Sent: Wednesday, May 1, 2013 9:31:15 PM
 Subject: Re: [Engine-devel] Dropping encryption of database password
 
 On 05/01/2013 02:16 PM, Alon Bar-Lev wrote:
  Thank you.
  This is what I wrote in my initial post.
  The only users who should access this password is ovirt user and root user.
 
  Regards,
  Alon Bar-Lev.
 
  
 Alon,
 I agree with the desire to store the PW in plaintext and in a
 non-obfuscated manner.  In this case, obfuscation really doesn't gain
 anything.
 
 I would suggest; however, that the migration to plaintext be coordinated
 with a simultaneous patch to the the Log Collector.  It does have a
 dependency on the current architecture.
 
 Keith
 

Hi,

As far as I know, it reads the plain text from .pgpass; we need to modify it to 
search within the alternate format as well.

Thanks,
Alon


[Engine-devel] Dropping encryption of database password

2013-04-30 Thread Alon Bar-Lev
Hello,

Currently we store the database password encrypted using 
org.picketbox.datasource.security.SecureIdentityLoginModule.

This is reversible encryption with a common-knowledge shared secret.

Using encryption with a common-knowledge shared secret is close to void 
protection.

So far we also stored the password as plain text at /etc/ovirt-engine/.pgpass; 
this is going to be removed as no component actually uses the .pgpass. However, 
we do need to store a non-Java-specific password for utilities.

In master (aiming for 3.3), we store the database connection details in their own file 
/etc/ovirt-engine/engine.conf.d/50-setup-database.conf, owned by the ovirt user and 
not world readable.

I would like to use the same 50-setup-database.conf to store the plain text 
password and remove the Java-specific reversible encrypted password usage.

Bottom line...
1. We drop the .pgpass file.
2. We store database connection information in 
/etc/ovirt-engine/engine.conf.d/file that is readable only by the ovirt user.
3. We drop the Java-specific reversible encryption in favor of plain text.

Thoughts?
Alon


Re: [Engine-devel] Dropping encryption of database password

2013-04-30 Thread Eli Mesika


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: engine-devel engine-devel@ovirt.org
 Cc: Yair Zaslavsky yzasl...@redhat.com, Eli Mesika 
 emes...@redhat.com, Juan Hernandez jhern...@redhat.com
 Sent: Tuesday, April 30, 2013 10:41:20 PM
 Subject: Dropping encryption of database password
 
 Hello,
 
 Currently we store database password encrypted using
 org.picketbox.datasource.security.SecureIdentityLoginModule.
 
 This is reverse encryption with common knowledge shared secret.
 
 Using encryption with common knowledge shared secret is close to void
 protection.
 
 So far we also stored the password as plain text at
 /etc/ovirt-engine/.pgpass, this is going to be removed as no component
 actually uses the .pgpass, however we do need to store non-java specific
 password in for utilities.
 
 In master (aiming to 3.3), we store the database connection details in own
 file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt
 user and not world readable.
 
 I would like to use the same 50-setup-database.conf to store plain text
 password and remove the java specific reversible encrypted password usage.
 
 Bottom line...
 1. We drop the .pgpass file.
 2. We store database connection information in
 /etc/ovirt-engine/engine.conf.d/file that is readable only by ovirt usage.
 3. We drop the java specific reversible encryption in favor of plain text.
 
 Thoughts?

I see no problem with the .pgpass; only root can access it (it has 0600 mode; 
if it doesn't, it is ignored by PG).
Apart from that, this is the standard way used by PG, so why not use it? 
AFAIK this is considered safe and secured.


 Alon
 


Re: [Engine-devel] Dropping encryption of database password

2013-04-30 Thread Liran Zelkha
Why not use the same technology as JBoss DataSource password
encryption?
http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypting_Data_Source_Passwords.html


On Wed, May 1, 2013 at 3:45 AM, Eli Mesika emes...@redhat.com wrote:



 - Original Message -
  From: Alon Bar-Lev alo...@redhat.com
  To: engine-devel engine-devel@ovirt.org
  Cc: Yair Zaslavsky yzasl...@redhat.com, Eli Mesika 
 emes...@redhat.com, Juan Hernandez jhern...@redhat.com
  Sent: Tuesday, April 30, 2013 10:41:20 PM
  Subject: Dropping encryption of database password
 
  Hello,
 
  Currently we store database password encrypted using
  org.picketbox.datasource.security.SecureIdentityLoginModule.
 
  This is reverse encryption with common knowledge shared secret.
 
  Using encryption with common knowledge shared secret is close to void
  protection.
 
  So far we also stored the password as plain text at
  /etc/ovirt-engine/.pgpass, this is going to be removed as no component
  actually uses the .pgpass, however we do need to store non-java specific
  password in for utilities.
 
  In master (aiming to 3.3), we store the database connection details in
 own
  file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by
 ovirt
  user and not world readable.
 
  I would like to use the same 50-setup-database.conf to store plain text
  password and remove the java specific reversible encrypted password
 usage.
 
  Bottom line...
  1. We drop the .pgpass file.
  2. We store database connection information in
  /etc/ovirt-engine/engine.conf.d/file that is readable only by ovirt
 usage.
  3. We drop the java specific reversible encryption in favor of plain
 text.
 
  Thoughts?

 I see no problem in the .pgpass , only root can access it (it has 0600
 mode , if it doesn't it is ignored by PG)
 Apart from that , this is the standard way used by PG so why not using it
 , AFAIK this is considered safe  secured


  Alon
 


Re: [Engine-devel] Dropping encryption of database password

2013-04-30 Thread Alon Bar-Lev


- Original Message -
 From: Eli Mesika emes...@redhat.com
 To: Alon Bar-Lev alo...@redhat.com
 Cc: engine-devel engine-devel@ovirt.org, Yair Zaslavsky 
 yzasl...@redhat.com, Juan Hernandez
 jhern...@redhat.com
 Sent: Wednesday, May 1, 2013 3:45:06 AM
 Subject: Re: Dropping encryption of database password
 
 
 
 - Original Message -
  From: Alon Bar-Lev alo...@redhat.com
  To: engine-devel engine-devel@ovirt.org
  Cc: Yair Zaslavsky yzasl...@redhat.com, Eli Mesika
  emes...@redhat.com, Juan Hernandez jhern...@redhat.com
  Sent: Tuesday, April 30, 2013 10:41:20 PM
  Subject: Dropping encryption of database password
  
  Hello,
  
  Currently we store database password encrypted using
  org.picketbox.datasource.security.SecureIdentityLoginModule.
  
  This is reverse encryption with common knowledge shared secret.
  
  Using encryption with common knowledge shared secret is close to void
  protection.
  
  So far we also stored the password as plain text at
  /etc/ovirt-engine/.pgpass, this is going to be removed as no component
  actually uses the .pgpass, however we do need to store non-java specific
  password in for utilities.
  
  In master (aiming to 3.3), we store the database connection details in own
  file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by ovirt
  user and not world readable.
  
  I would like to use the same 50-setup-database.conf to store plain text
  password and remove the java specific reversible encrypted password usage.
  
  Bottom line...
  1. We drop the .pgpass file.
  2. We store database connection information in
  /etc/ovirt-engine/engine.conf.d/file that is readable only by ovirt
  usage.
  3. We drop the java specific reversible encryption in favor of plain text.
  
  Thoughts?
 
 I see no problem in the .pgpass , only root can access it (it has 0600 mode ,
 if it doesn't it is ignored by PG)
 Apart from that , this is the standard way used by PG so why not using it ,
 AFAIK this is considered safe  secured

In other words, you are for storing the password as plain text :)

 
 
  Alon
  
 


Re: [Engine-devel] Dropping encryption of database password

2013-04-30 Thread Alon Bar-Lev


- Original Message -
 From: Liran Zelkha liran.zel...@gmail.com
 To: Eli Mesika emes...@redhat.com
 Cc: Alon Bar-Lev alo...@redhat.com, Juan Hernandez 
 jhern...@redhat.com, engine-devel
 engine-devel@ovirt.org
 Sent: Wednesday, May 1, 2013 8:34:18 AM
 Subject: Re: [Engine-devel] Dropping encryption of database password
 
 Why not do use the same technology like JBoss DataSource password
 encryption?
 http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypting_Data_Source_Passwords.html

As I wrote:
1. Our project is not Java-specific; we need to access the database in other 
tools as well, for example Python.
2. Reversible encryption is a total void; what benefit is there in encrypting a 
password which can be decrypted by anyone?
3. We currently store the same password in two files, one which is .pgpass as 
plain text and another in the service configuration which is encrypted; what 
is the benefit in this duplication?

Thanks!
Alon

 
 On Wed, May 1, 2013 at 3:45 AM, Eli Mesika emes...@redhat.com wrote:
 
 
 
  - Original Message -
   From: Alon Bar-Lev alo...@redhat.com
   To: engine-devel engine-devel@ovirt.org
   Cc: Yair Zaslavsky yzasl...@redhat.com, Eli Mesika 
  emes...@redhat.com, Juan Hernandez jhern...@redhat.com
   Sent: Tuesday, April 30, 2013 10:41:20 PM
   Subject: Dropping encryption of database password
  
   Hello,
  
   Currently we store database password encrypted using
   org.picketbox.datasource.security.SecureIdentityLoginModule.
  
   This is reverse encryption with common knowledge shared secret.
  
   Using encryption with common knowledge shared secret is close to void
   protection.
  
   So far we also stored the password as plain text at
   /etc/ovirt-engine/.pgpass, this is going to be removed as no component
   actually uses the .pgpass, however we do need to store non-java specific
   password in for utilities.
  
   In master (aiming to 3.3), we store the database connection details in
  own
   file /etc/ovirt-engine/engine.conf.d/50-setup-database.conf owned by
  ovirt
   user and not world readable.
  
   I would like to use the same 50-setup-database.conf to store plain text
   password and remove the java specific reversible encrypted password
  usage.
  
   Bottom line...
   1. We drop the .pgpass file.
   2. We store database connection information in
   /etc/ovirt-engine/engine.conf.d/file that is readable only by ovirt
  usage.
   3. We drop the java specific reversible encryption in favor of plain
  text.
  
   Thoughts?
 
  I see no problem in the .pgpass , only root can access it (it has 0600
  mode , if it doesn't it is ignored by PG)
  Apart from that , this is the standard way used by PG so why not using it
  , AFAIK this is considered safe  secured
 
 
   Alon
  