Quote:
Originally Posted by
karumudi7
I want to store the passwords in a global file, so that all the users will not use them to login but a process should use it. One way is to keep the passwords in a .ini file and execute the file in the start of the script and use that variable.
But with this, one can echo the variable in the script and see the value.
How are you guys storing, let's say production database password, and use that in the script while writing the database connect statements.
You should do a risk analysis and determine the threats, risk and vulnerabilities and decide the best controls to use based on your risk profile.
If I read your post correctly, you are working on a linux box (which one?) or unix box (which one?) in a commercial application with multiple users with access on that server.
So, you need to look at the permissions, and so I assume the DB is not running as root (that is very unusual), so it is running as a user with certain privs.
You need to example DB privileges relative to the users on the system and come up with a strategy to mitigate risk.
Normally, users cannot read others users files if the permissions are set so others cannot read or access.
So, if your DB process can read the file with the clear text password, but others users cannot, then that is obviously one first step.
If you describe your system environment in more details and your view of the risks (in the case of compromise), then I can assist further.
There is a difference based on the risk, as I have mentioned, and you need a variety of controls (
physical, logical [meaning technical] and administrative [meaning rules in this context]) when viewing IT security controls.