Dear all,
Does anyone have some ideas for me on how to tackle the following situation?
Imagine a type of client-server application. The client application is started by a human operator with all the necessary LDAP/Kerberos in place. The server application is started automatically as a daemon process. This server application talks to an Oracle database for which it needs a connection string, username and password as a minimum.
This information is stored in a flat-text file on the system, but everything is readable, e.g. EXAMPLE_DB:username
ass
Now, I know we must consider all the security already in place (firewalls, unix accounts with passwords, files made read-only), but ... is there some way to make the password in the flat-text file unreadable, a.k.a. encrypted, and have it decrypted when needed? The problem is that the password, when encrypted, must first be decrypted before it becomes usable to log on to the database.
Quite a lot, eh?
Dominik