Secure application user. Post: 303037780

Sponsored Content

Operating Systems Linux Secure application user. Post 303037780 by rbatte1 on Tuesday 13th of August 2019 09:31:49 AM

08-13-2019

Moderator

This seems to be a bad plan from the start. Writing passwords anywhere should be avoided. Anyone who can read the code that reads the password can probably just read the password for themselves.

A few questions:-

Why would your application need to know the password? Does it become the account for certain actions?
Could you not set up sudo access to allow people to become the account when they need to? This is auditable too.
Is this a database account or something? You may be able to define it as authorised externally to the database, i.e. the DB trusts the OS validation.
How would you use the password anyway?

It just seems a bad plan to me (sorry) and we may be able to find a better way that maybe even negates the need to have it changed regularly (i.e locked for password login entirely) so saving the Access Management team a task too.

I'm just confused and want to avoid building a service with exposures.
Robin

rbatte1

View Public Profile for rbatte1

Visit rbatte1's homepage!

Find all posts by rbatte1

8 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

F-secure application: exporting profile

Is it possible to export your saved profiles in F-secure. I have looked in F-secure's documentation, on google, here, and other places and can't seem to figure out how to do it. It seems like such a simple task...

2. UNIX for Advanced & Expert Users

any reason for a user without a homedir - security/config/application?

Hi, Can I just quick pick everyone brain here about the following: There is a security audit going on at the company I work for and one of the things that needed to be resolved was that there were a lot of users who don't have a home directory. As this is a fairly large environment of over...

3. Linux

How to delete a user account in linux bases application.

Hi, Can anyone please guide me how can I remove/block a user from a server access. /usr/sbin/adduser -d /home/john john echo ****** | passwd --stdin john I used the above command to add a user "john". How do I delete and block john. Appreciate your responses.

4. Linux

Launch application in gnome session of another user.

A gnome session is launched by UserA of System A, I am connected to userB of System B(or A) through PUTTY. I want to launch an application for eg: gedit through Putty in the display of system A. how can I achieve this. for eg:- root is logged in to System A, with gdm. DISPLAY=0.0, ip =...

5. Linux

Secure NFS mount for a single user

We have Server 1 - mounts an NFS share from another server to a users directory. Server 2 - has NFS share and the share only allows access from Server 1. How can we make sure no other users on Server 1 can access the NFS mount?

6. Programming

Questions about user authentication in my application

Hi, all, I am a newbie to linux authentication part. Questions below really puzzle me: How to authenticate users from local storage(passwd shadow) and nis server? (Without PAM) getpwnam_r() will return a '*' in the pw_passwd field of "struct passwd". I can parse /etc/shadow. But how...

7. Solaris

New user: lost application manager

Dear all, I am a beginner with Solaris. I unfortunately remove the Application Manager from the Front Panel, and I really don't know how to put it again, or from where launch it... Could anyone help me?

8. Shell Programming and Scripting

Piping to user application sometimes fail

Hi, currently, I have a problem in a stress test bash script. i�m using the following command: while true; do echo $"command" | ./myprogram; sleep 0.4; done --> myprogram is watching for stdin via select The problem is that it will work a couple of times. After that, the stdin fd...

LEARN ABOUT OSF1

dxchpwd

dxchpwd(1X)															       dxchpwd(1X)

NAME

       dxchpwd - Create or change password program

SYNOPSIS

       dxchpwd

       dxchpwd -r  | -l

       dxchpwd [-r  | -l] -q

       dxchpwd [-r  | -l] -u  username

OPTIONS

       If dxchpwd is invoked without any options, it is assumed that the current user's password is to be changed.  The following options are also
       accepted: Tells dxchpwd that the password change is to be done for a Local user. This can be combined with the -u and  -q  options.   Tells
       dxchpwd	that the password change is to be done for a NIS user. This can only be done from a NIS master and can be combined with the -u and
       -q options.  Tells dxchpwd to query the user for the user name of the account whose password is to be changed.	Tells  dxchpwd	to  change
       this user's password.

DESCRIPTION

       The  dxchpwd  command lets you change your password.  When you invoke the dxchpwd command, the program prompts you for the old password and
       then for the new password.  Next, the program asks you for the new password again, to verify that you have typed it correctly.	Note  that
       the passwords are not displayed on the screen.

       Your new password must meet the length requirements specified by the authorization database for the user whose password is being changed.

       If  your system is running with enhanced security, you may have to choose a password from a list of randomly generated passwords or you may
       be prohibited from changing your password until its minimum lifetime has expired, as specified in the authorization database.

EXAMPLES

       The following example requests that the password be changed for user smith: dxchpwd -u smith

FILES

       Password file Protected Password Database dxchpwd executable

SEE ALSO

       X(1X), xdm(1X), passwd(1)

																       dxchpwd(1X)