Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

DB Password encryption in config file

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting DB Password encryption in config file
# 1  
Old 09-09-2016
DB Password encryption in config file
Hi Gurus,

I need to encrypt the Db passwords which are stored in a configuration file (.txt) as below:

Code:
stage_db_pwd=ABC
this is test line
content_db_pwd=123def
This is test line 2
stg_db_name=xyz

I want to encrypt all the password fields (identified by "pwd"), encrypt them in the same file. The output should look like this:

Code:
stage_db_pwd=%8hjdsk=
this is test line
content_db_pwd=!yhdskk*&=
This is test line 2
stg_db_name=xyz

Regards,
Ashish


Moderator's Comments:
Mod Comment Use code tags please.
Last edited by zaxxon; 09-09-2016 at 06:05 AM..
# 2  
Old 09-09-2016
Sure that is a reasonable thing to do? Being a configuration file, it will be read and interpreted as is when the pertaining application starts. So you would need to decrypt the password for every app. startup, then encrypt it again. Plus - but I'm leaving my safe ground now - , you'd need to apply sort of a two way or reversible (seems more an MS term) encryption as opposed to the usual password hashing/encryption/storing algorithms.
# 3  
Old 09-09-2016
This is an extremely common question but always has the same inescapable conclusion.

If your database can decrypt it at will without secrets -- so can anyone else.

Yes, but --

Encryption does not work that way.

But what if --

Encryption does not work that way.

Maybe if it --

Encryption does not work that way.

To prevent people from reading your passwords, chmod.

To prevent people getting access to something which reads the passwords, sudo.

To prevent root from getting at it... You're out of luck.

This question fools everyone eventually... I spent a long while earlier this year down a rabbithole trying to find a way to make arbitrary apache suexec secure, until I realized I was fighting what amounts to the same problem -- how to prove identity to the computer without using secrets.
# 4  
Old 09-09-2016
Depending on your database, is there a way of defining the user as identified externally, i.e. I trust them because they have logged on to the server?

With Oracle you can set this up then just need a simple sqlplus / from the command line or a script to get connected. No credentials needed thereafter. Naturally it does not work for network connections to the database as that would be insecure.



What type of database are you connecting to?


Robin
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Password protected excel file without encryption or zipping

All, I have requirement to send password protected excel file in an email from unix/linux box without zipping it. Any help would be appreciated. Thanks.. (8 Replies)
Discussion started by: Durgesh Gupta
8 Replies

2. Post Here to Contact Site Administrators and Moderators

Password protected excel file without encryption or zipping

All, I have requirement to send password protected excel file in an email from unix/linux box without zipping it. Any help would be appreciated. Thanks.. (1 Reply)
Discussion started by: Durgesh Gupta
1 Replies

3. Shell Programming and Scripting

Password encryption in RHEL

I am working on a script where we are using sqlplus command to connect to Oracle DB. But the schemaname and password used for sqlplus authentication, have to be hardcoded in the script. DBconnection=scott/tiger@SID sqlplus $DBconnection Here any user who reads the script can read the... (1 Reply)
Discussion started by: max29583
1 Replies

4. Cybersecurity

File encryption tools with MAC address as an encryption key

Hi all, I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS. For example: when A wants to send file to B A will encrypt the file with B's computer MAC/IP address as an encryption key This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies

5. UNIX for Dummies Questions & Answers

Password encryption

if I change my password on two different servers, using the same string but the encrypted password in /etc/passwd look different. If I copy an entry from one /etc/password to the other server. I can still log in to both servers using the same password. Only now both /etc/passwd entries are... (2 Replies)
Discussion started by: C0ppert0p
2 Replies

6. Shell Programming and Scripting

Password encryption...

Hi, I have a Java app that looks for some parameters in a .properties file such as username and password. However I don't want to leave the password in a text file and I can't modify the app... Does anyone have some idea about how to encrypt/hide/etc the password so it's not freely accessible... (1 Reply)
Discussion started by: Tr0cken
1 Replies

7. UNIX for Dummies Questions & Answers

Password encryption

In unix, i know the password encrypt by using salt But how does it work? And how windows protect its password? Thank you for helping in advance (5 Replies)
Discussion started by: cryogen
5 Replies

8. Solaris

Password Encryption (SunOS 5.8)

Hi all, I have a server in the office that we connect to via telnet. Can anyone explain please how i can encrypt the password so it cannot be picked up in plain text by sniffing software like WireShark, etc.? I'm not very experienced in Unix, so any ideas or even links would be great. ... (5 Replies)
Discussion started by: de049
5 Replies

9. AIX

File password protection/encryption

Can it be done? Ive read in a few places that the crypt program no longer exists on AIX...if its do-able please tell me how. (2 Replies)
Discussion started by: rdudejr
2 Replies

10. UNIX for Dummies Questions & Answers

Zipping with password or encryption

We currently take files (via FTP) off of a mainframe and save them as a text file on our server. This is done via a script. The next thing that is done to that text file is it gets zipped (using ZIP). This all works fine, but it doesn't appear that ZIP (the free version) has any way to password... (2 Replies)
Discussion started by: dsimpg1
2 Replies
Login or Register to Ask a Question