Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure application user.
Operating Systems Linux Secure application user. Post 303037780 by rbatte1 on Tuesday 13th of August 2019 09:31:49 AM
Old 08-13-2019
This seems to be a bad plan from the start. Writing passwords anywhere should be avoided. Anyone who can read the code that reads the password can probably just read the password for themselves.

A few questions:-
  • Why would your application need to know the password? Does it become the account for certain actions?
  • Could you not set up sudo access to allow people to become the account when they need to? This is auditable too.
  • Is this a database account or something? You may be able to define it as authorised externally to the database, i.e. the DB trusts the OS validation.
  • How would you use the password anyway?

It just seems a bad plan to me (sorry) and we may be able to find a better way that maybe even negates the need to have it changed regularly (i.e locked for password login entirely) so saving the Access Management team a task too.


I'm just confused and want to avoid building a service with exposures.
Robin
 

8 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

F-secure application: exporting profile

Is it possible to export your saved profiles in F-secure. I have looked in F-secure's documentation, on google, here, and other places and can't seem to figure out how to do it. It seems like such a simple task... (0 Replies)
Discussion started by: dangral
0 Replies

2. UNIX for Advanced & Expert Users

any reason for a user without a homedir - security/config/application?

Hi, Can I just quick pick everyone brain here about the following: There is a security audit going on at the company I work for and one of the things that needed to be resolved was that there were a lot of users who don't have a home directory. As this is a fairly large environment of over... (5 Replies)
Discussion started by: Solarius
5 Replies

3. Linux

How to delete a user account in linux bases application.

Hi, Can anyone please guide me how can I remove/block a user from a server access. /usr/sbin/adduser -d /home/john john echo ****** | passwd --stdin john I used the above command to add a user "john". How do I delete and block john. Appreciate your responses. (1 Reply)
Discussion started by: sureshcisco
1 Replies

4. Linux

Launch application in gnome session of another user.

A gnome session is launched by UserA of System A, I am connected to userB of System B(or A) through PUTTY. I want to launch an application for eg: gedit through Putty in the display of system A. how can I achieve this. for eg:- root is logged in to System A, with gdm. DISPLAY=0.0, ip =... (4 Replies)
Discussion started by: Sivaswami
4 Replies

5. Linux

Secure NFS mount for a single user

We have Server 1 - mounts an NFS share from another server to a users directory. Server 2 - has NFS share and the share only allows access from Server 1. How can we make sure no other users on Server 1 can access the NFS mount? (5 Replies)
Discussion started by: Adrnalnrsh
5 Replies

6. Programming

Questions about user authentication in my application

Hi, all, I am a newbie to linux authentication part. Questions below really puzzle me: How to authenticate users from local storage(passwd shadow) and nis server? (Without PAM) getpwnam_r() will return a '*' in the pw_passwd field of "struct passwd". I can parse /etc/shadow. But how... (1 Reply)
Discussion started by: mythmgn
1 Replies

7. Solaris

New user: lost application manager

Dear all, I am a beginner with Solaris. I unfortunately remove the Application Manager from the Front Panel, and I really don't know how to put it again, or from where launch it... Could anyone help me? (1 Reply)
Discussion started by: avr
1 Replies

8. Shell Programming and Scripting

Piping to user application sometimes fail

Hi, currently, I have a problem in a stress test bash script. i´m using the following command: while true; do echo $"command" | ./myprogram; sleep 0.4; done --> myprogram is watching for stdin via select The problem is that it will work a couple of times. After that, the stdin fd... (3 Replies)
Discussion started by: bertl100
3 Replies

LEARN ABOUT CENTOS

lchage

lchage(1)						      General Commands Manual							 lchage(1)

NAME

       lchage - Display or change user password policy

SYNOPSIS

       lchage [OPTION]... user

DESCRIPTION

       Displays or allows changing password policy of user.

OPTIONS

       -d, --date=days
	      Set the date of last password change to days after Jan 1 1970.

	      Set days to -1 to disable password expiration (i.e. to ignore --mindays, and --maxdays and related settings).

	      Set days to 0 to enforce password change on next login.  (This also disables password expiration until the password is changed.)

       -E, --expire=days
	      Set the account expiration date to days after Jan 1 1970.  Set days to -1 to disable account expiration.

       -i, --interactive
	      Ask all questions when connecting to the user database, even if default answers are set up in libuser configuration.

       -I, --inactive=days
	      Disable  the  account after days after password expires (after the user is required to change the password).  Set days to -1 to keep
	      the account enabled indefinitely after password expiration.

       -l, --list
	      Only list current user's policy and make no changes.

       -m, --mindays=days
	      Require at least days days between password changes.  Set days to 0 or -1 to disable this requirement.

	      If this value is larger than the value set by --maxdays, the user cannot change the pasword.

       -M, --maxdays=days
	      Require changing the password after days since last password change.  Set days to -1 to disable password expiration.

       -W, --warndays=days
	      Start warning the user days before password expires (before the user is required to change the password).  Set days to 0	or  -1	to
	      disable the warning.

EXIT STATUS

       The exit status is 0 on success, nonzero on error.

NOTES

       Note  that "account expiration" (set by --expire) is distinct from "password expiration" (set by --maxdays).  Account expiration happens on
       a fixed date regardless of password changes.  Password expiration is relative to the date of last password change.

libuser 							    Nov 8 2012								 lchage(1)
All times are GMT -4. The time now is 10:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy