Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: DB Password encryption in config file
Top Forums Shell Programming and Scripting DB Password encryption in config file Post 302981288 by Corona688 on Friday 9th of September 2016 11:24:37 AM
Old 09-09-2016
This is an extremely common question but always has the same inescapable conclusion.

If your database can decrypt it at will without secrets -- so can anyone else.

Yes, but --

Encryption does not work that way.

But what if --

Encryption does not work that way.

Maybe if it --

Encryption does not work that way.

To prevent people from reading your passwords, chmod.

To prevent people getting access to something which reads the passwords, sudo.

To prevent root from getting at it... You're out of luck.

This question fools everyone eventually... I spent a long while earlier this year down a rabbithole trying to find a way to make arbitrary apache suexec secure, until I realized I was fighting what amounts to the same problem -- how to prove identity to the computer without using secrets.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Zipping with password or encryption

We currently take files (via FTP) off of a mainframe and save them as a text file on our server. This is done via a script. The next thing that is done to that text file is it gets zipped (using ZIP). This all works fine, but it doesn't appear that ZIP (the free version) has any way to password... (2 Replies)
Discussion started by: dsimpg1
2 Replies

2. AIX

File password protection/encryption

Can it be done? Ive read in a few places that the crypt program no longer exists on AIX...if its do-able please tell me how. (2 Replies)
Discussion started by: rdudejr
2 Replies

3. Solaris

Password Encryption (SunOS 5.8)

Hi all, I have a server in the office that we connect to via telnet. Can anyone explain please how i can encrypt the password so it cannot be picked up in plain text by sniffing software like WireShark, etc.? I'm not very experienced in Unix, so any ideas or even links would be great. ... (5 Replies)
Discussion started by: de049
5 Replies

4. UNIX for Dummies Questions & Answers

Password encryption

In unix, i know the password encrypt by using salt But how does it work? And how windows protect its password? Thank you for helping in advance (5 Replies)
Discussion started by: cryogen
5 Replies

5. Shell Programming and Scripting

Password encryption...

Hi, I have a Java app that looks for some parameters in a .properties file such as username and password. However I don't want to leave the password in a text file and I can't modify the app... Does anyone have some idea about how to encrypt/hide/etc the password so it's not freely accessible... (1 Reply)
Discussion started by: Tr0cken
1 Replies

6. UNIX for Dummies Questions & Answers

Password encryption

if I change my password on two different servers, using the same string but the encrypted password in /etc/passwd look different. If I copy an entry from one /etc/password to the other server. I can still log in to both servers using the same password. Only now both /etc/passwd entries are... (2 Replies)
Discussion started by: C0ppert0p
2 Replies

7. Cybersecurity

File encryption tools with MAC address as an encryption key

Hi all, I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS. For example: when A wants to send file to B A will encrypt the file with B's computer MAC/IP address as an encryption key This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies

8. Shell Programming and Scripting

Password encryption in RHEL

I am working on a script where we are using sqlplus command to connect to Oracle DB. But the schemaname and password used for sqlplus authentication, have to be hardcoded in the script. DBconnection=scott/tiger@SID sqlplus $DBconnection Here any user who reads the script can read the... (1 Reply)
Discussion started by: max29583
1 Replies

9. Post Here to Contact Site Administrators and Moderators

Password protected excel file without encryption or zipping

All, I have requirement to send password protected excel file in an email from unix/linux box without zipping it. Any help would be appreciated. Thanks.. (1 Reply)
Discussion started by: Durgesh Gupta
1 Replies

10. Shell Programming and Scripting

Password protected excel file without encryption or zipping

All, I have requirement to send password protected excel file in an email from unix/linux box without zipping it. Any help would be appreciated. Thanks.. (8 Replies)
Discussion started by: Durgesh Gupta
8 Replies

LEARN ABOUT CENTOS

gnome-keyring-daemon

GNOME-KEYRING-DAEM(1)						   User Commands					     GNOME-KEYRING-DAEM(1)

NAME

       gnome-keyring-daemon - The gnome-keyring daemon

SYNOPSIS

       gnome-keyring-daemon [OPTION...]

DESCRIPTION

       The gnome-keyring-daemon is a service that stores your passwords and secrets. It is normally started automatically when a user logs into a
       desktop session.

       The gnome-keyring-daemon implements the DBus Secret Service API, and you can use tools like seahorse or secret-tool to interact with it.

       The daemon also implements a GnuPG and SSH agent both of which automatically load the user's keys, and prompt for passwords when necessary.

       The daemon will print out various environment variables which should be set in the user's environment, in order to interact with the
       daemon.

OPTIONS

       The various startup arguments below can be used:

       -c, --components=ssh,secrets,gpg,pkcs11
	   Ask the daemon to only initialize certain components. Valid components are ssh, gpg, secrets, pkcs11.

	   By default all components are initialized.

       -C, --control-directory=/path/to/directory
	   Use this directory for creating communication sockets. By default a temporary directory is automatically created.

       -d, --daemonize
	   Run as a real daemon, disconnected from the terminal.

       -f, --foreground
	   Run in the foreground, and do not fork or become a daemon.

       -l, --login
	   This argument tells the daemon it is being run by PAM. It reads all of stdin (including any newlines) as a login password and does not
	   complete actual initialization.

	   The daemon should later be initialized with a gnome-keyring-daemon --start invocation.

	   This option may not be used together with either the --replace or --start arguments.

       -r, --replace
	   Try to replace a running keyring daemon, and assume its environment avriables. A successful replacement depends on the
	   GNOMKE_KEYRING_CONTROL environment variable being set by an earlier daemon.

	   This option may not be used together with either the --login or --start arguments.

       -s, --start
	   Connect to an already running daemon and initialize it. This is often used to complete initialization of a daemon that was started by
	   PAM using the --login argument.

	   This option may not be used together with either the --login or --replace arguments.

       -V, --version
	   Print out the gnome-keyring version and then exit.

       -h, --help
	   Show help options and exit.

BUGS

       Please send bug reports to either the distribution bug tracker or the upstream bug tracker at
       https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-keyring

SEE ALSO

       secret-tool(1), seahorse(1)

       Further details available in the gnome-keyring online documentation at https://wiki.gnome.org/GnomeKeyring and in the secret-service online
       documentation at http://standards.freedesktop.org/secret-service/

gnome-keyring														     GNOME-KEYRING-DAEM(1)
All times are GMT -4. The time now is 04:46 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy