Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure application user.
Operating Systems Linux Secure application user. Post 303037780 by rbatte1 on Tuesday 13th of August 2019 09:31:49 AM
Old 08-13-2019
This seems to be a bad plan from the start. Writing passwords anywhere should be avoided. Anyone who can read the code that reads the password can probably just read the password for themselves.

A few questions:-
  • Why would your application need to know the password? Does it become the account for certain actions?
  • Could you not set up sudo access to allow people to become the account when they need to? This is auditable too.
  • Is this a database account or something? You may be able to define it as authorised externally to the database, i.e. the DB trusts the OS validation.
  • How would you use the password anyway?

It just seems a bad plan to me (sorry) and we may be able to find a better way that maybe even negates the need to have it changed regularly (i.e locked for password login entirely) so saving the Access Management team a task too.


I'm just confused and want to avoid building a service with exposures.
Robin
 

8 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

F-secure application: exporting profile

Is it possible to export your saved profiles in F-secure. I have looked in F-secure's documentation, on google, here, and other places and can't seem to figure out how to do it. It seems like such a simple task... (0 Replies)
Discussion started by: dangral
0 Replies

2. UNIX for Advanced & Expert Users

any reason for a user without a homedir - security/config/application?

Hi, Can I just quick pick everyone brain here about the following: There is a security audit going on at the company I work for and one of the things that needed to be resolved was that there were a lot of users who don't have a home directory. As this is a fairly large environment of over... (5 Replies)
Discussion started by: Solarius
5 Replies

3. Linux

How to delete a user account in linux bases application.

Hi, Can anyone please guide me how can I remove/block a user from a server access. /usr/sbin/adduser -d /home/john john echo ****** | passwd --stdin john I used the above command to add a user "john". How do I delete and block john. Appreciate your responses. (1 Reply)
Discussion started by: sureshcisco
1 Replies

4. Linux

Launch application in gnome session of another user.

A gnome session is launched by UserA of System A, I am connected to userB of System B(or A) through PUTTY. I want to launch an application for eg: gedit through Putty in the display of system A. how can I achieve this. for eg:- root is logged in to System A, with gdm. DISPLAY=0.0, ip =... (4 Replies)
Discussion started by: Sivaswami
4 Replies

5. Linux

Secure NFS mount for a single user

We have Server 1 - mounts an NFS share from another server to a users directory. Server 2 - has NFS share and the share only allows access from Server 1. How can we make sure no other users on Server 1 can access the NFS mount? (5 Replies)
Discussion started by: Adrnalnrsh
5 Replies

6. Programming

Questions about user authentication in my application

Hi, all, I am a newbie to linux authentication part. Questions below really puzzle me: How to authenticate users from local storage(passwd shadow) and nis server? (Without PAM) getpwnam_r() will return a '*' in the pw_passwd field of "struct passwd". I can parse /etc/shadow. But how... (1 Reply)
Discussion started by: mythmgn
1 Replies

7. Solaris

New user: lost application manager

Dear all, I am a beginner with Solaris. I unfortunately remove the Application Manager from the Front Panel, and I really don't know how to put it again, or from where launch it... Could anyone help me? (1 Reply)
Discussion started by: avr
1 Replies

8. Shell Programming and Scripting

Piping to user application sometimes fail

Hi, currently, I have a problem in a stress test bash script. i´m using the following command: while true; do echo $"command" | ./myprogram; sleep 0.4; done --> myprogram is watching for stdin via select The problem is that it will work a couple of times. After that, the stdin fd... (3 Replies)
Discussion started by: bertl100
3 Replies

LEARN ABOUT SUSE

shadow

SHADOW(5)							File Formats Manual							 SHADOW(5)

NAME

       shadow - encrypted password file

DESCRIPTION

       shadow contains the encrypted password information for user's accounts and optional the password aging information. Included is

	    Login name

	    Encrypted password

	    Days since Jan 1, 1970 that password was last changed

	    Days before password may be changed

	    Days after which password must be changed

	    Days before password is to expire that user is warned

	    Days after password expires that account is disabled

	    Days since Jan 1, 1970 that account is disabled

	    A reserved field

       The  password  field must be filled. The encryped password consists of 13 to 24 characters from the 64 characters alphabet a thru z, A thru
       Z, 0 thru 9, . and /. Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES)
       algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.

       Refer to crypt(3) for details on how this string is interpreted.

       The  date  of  the  last  password change is given as the number of days since Jan 1, 1970. The password may not be changed again until the
       proper number of days have passed, and must be changed after the maximum number of days.  If the minimum number of days required is greater
       than the maximum number of day allowed, this password may not be changed by the user.

       An  account is considered to be inactive and is disabled if the password is not changed within the specified number of days after the pass-
       word expires.  An account will also be disabled on the specified day regardless of other password expiration information.

       This information supercedes any password or password age information present in /etc/passwd.

       This file must not be readable by regular users if password security is to be maintained.

FILES

       /etc/passwd    - user account information
       /etc/shadow    - encrypted user passwords

SEE ALSO

       chage(1), login(1), passwd(1), su(1), passwd(5), pwconv(8), pwunconv(8), sulogin(8)

AUTHOR

       Julianne Frances Haugh (jockgrrl@ix.netcom.com)

																	 SHADOW(5)
All times are GMT -4. The time now is 08:02 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy