Re: How have others handled management concerns over storing databaseuserid and password in struts-config.xml?
Shamdasani Nimmi-ANS004 wrote: >Each application user, i.e., a supplier has only access to a subset of the database >depending on what he/she is allowed to see but the database account(the account which >is used by the application to get the connection pool) has access to the complete >database. This database account information(user, password, etc.) is stored in >struts-config.xml. This database account information is what the management is >worried about. Here I meant that the general Web user should not be allowed to do things like drop tables ;-) > So are you saying that the database server should only accept access by database >account from the Webserver IP only. I am not much familiar with the setting up of the >servers but could a database server be made to allow access on a database account >only at a particular IP? Typically. > do you mean that the database account be the only one to be able to read the folder >or that the application users be the only ones allowed to read? Neither. I meant the account that is running the Web server, and needs to read the file. The config file is actually accessed by the account that the server is running under. -- Ted Husted, Husted dot Com, Fairport NY USA. -- Custom Software ~ Technical Services. -- Tel +1 716 737-3463 -- http://www.husted.com/about/struts/
RE: How have others handled management concerns over storing databaseuserid and password in struts-config.xml?
I really appreciate all the responses. Ted, I just want to make sure there is no confusion in understanding my problem. I am not sure if by Web user you mean the application user or the database account. Each application user, i.e., a supplier has only access to a subset of the database depending on what he/she is allowed to see but the database account(the account which is used by the application to get the connection pool) has access to the complete database. This database account information(user, password, etc.) is stored in struts-config.xml. This database account information is what the management is worried about. So are you saying that the database server should only accept access by database account from the Webserver IP only. I am not much familiar with the setting up of the servers but could a database server be made to allow access on a database account only at a particular IP? Also regarding your statement: "The configuration folder should also be protected with file system security, so only the Web server user can read them. This should be a system-type user that can only be accessed by su, and not by public login." do you mean that the database account be the only one to be able to read the folder or that the application users be the only ones allowed to read? Thanks. -Nimmi -Original Message- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 11:09 AM To: [EMAIL PROTECTED] Subject: Re: How have others handled management concerns over storing databaseuserid and password in struts-config.xml? You would want to restrict what kind of access your generic Web user has to the database. If the permissions are set right on the database, then they can't do much they couldn't do from the Website anyway. You should also restrict from where the Web user login can be used. It should only be good from the Web server's IP, and anyone trying to log in with it from another machine should be rejected. In a firewall situation, this can be an internal IP that is not available through the Web site. The configuration folder should also be protected with file system security, so only the Web server user can read them. This should be a system-type user that can only be accessed by su, and not by public login. If you use a seperate connection pool, like poolman (www.codestudio.com), you will have more flexibility as to where the configuration file can be placed. It would need to be on the classpath, but it could be kept well outside the Web server file structure. -- Ted Husted, Husted dot Com, Fairport NY USA. -- Custom Software ~ Technical Services. -- Tel +1 716 737-3463 -- http://www.husted.com/about/struts/ Shamdasani Nimmi-ANS004 wrote: > > Hi, > > Here's my problem. My management feels that storing the database >account(userid/password)in the config file is a security risk. According to them a >hacker can get access to the whole database if they can get access to this info. > > Supposedly the security team wants to put the application server outside the >Firewall in Quarantine zone and the database behind the FW. > > Did any of you had to go thru this issue and how did you explain/resolve it. > > Can someone help me dispel their concern? > > TIA. > > -Nimmi
Re: How have others handled management concerns over storing databaseuserid and password in struts-config.xml?
You would want to restrict what kind of access your generic Web user has to the database. If the permissions are set right on the database, then they can't do much they couldn't do from the Website anyway. You should also restrict from where the Web user login can be used. It should only be good from the Web server's IP, and anyone trying to log in with it from another machine should be rejected. In a firewall situation, this can be an internal IP that is not available through the Web site. The configuration folder should also be protected with file system security, so only the Web server user can read them. This should be a system-type user that can only be accessed by su, and not by public login. If you use a seperate connection pool, like poolman (www.codestudio.com), you will have more flexibility as to where the configuration file can be placed. It would need to be on the classpath, but it could be kept well outside the Web server file structure. -- Ted Husted, Husted dot Com, Fairport NY USA. -- Custom Software ~ Technical Services. -- Tel +1 716 737-3463 -- http://www.husted.com/about/struts/ Shamdasani Nimmi-ANS004 wrote: > > Hi, > > Here's my problem. My management feels that storing the database >account(userid/password)in the config file is a security risk. According to them a >hacker can get access to the whole database if they can get access to this info. > > Supposedly the security team wants to put the application server outside the >Firewall in Quarantine zone and the database behind the FW. > > Did any of you had to go thru this issue and how did you explain/resolve it. > > Can someone help me dispel their concern? > > TIA. > > -Nimmi