I am planning to deploy a site made using cakePHP. I know that the database info is stored in config/app.php without any security. It contains the username and password info. So I'm wondering when the site is live, if someone gets into my server maybe via a FTP, he/she can access app.php to access the db details. Is this the most secure way?
Related
We would like to implement the feature of remembering user's passwords in our application similar to how Microsoft SQL Server login credentials are stored.
(nothing to do with SQL server connection)
We researched and found some information on this.
However, it is not clear how the process/flow of encryption/decryption takes place, i.e, how the process of securely saving and matching of password takes place during validation process.Some of the websites also mention that the SQL login passwords can be cracked.
As per this document from Microsoft, Windows DPAPI is also being used in the form of Service Master Key (SMK) to secure data stored in database, but the actual SQL credentials validation flow is not mentioned. (We found this question as well which mentions DPAPI.)
So is there any method where we can store user's application passwords similar to SQLServer's methodology or any other secure method to ensure they are not cracked or decrypted?
We have also read that DPAPI-encrypted passwords can be cracked.
EDIT 11/05/2022:
Added screenshot of SQL Server login page, and made minor edits to content.
I have been trying to access liferay using my Active Directory account but i am not able to sign in, knowing that the users are imported successfully but it seems that liferay doesn't import the passwords. How can I solve this issue?
AD Environment: Windows Server 2012
Liferay 6.2
With LDAP you typically don't want to distribute your passwords all over - password management is on one side, e.g. on LDAP, and the password policy that applies there should carry on everywhere. When you change your password on LDAP, would you want to be able to log in to your portal with the old password? One positive aspect on having passwords in a separate system (like LDAP) is that they can't get loose should there be any security issue in your front end application (like Liferay, but by far not limited to it).
In fact, I prefer to add an SSO system, so that Liferay never even sees any password. Further, passwords are hopefully stored in a salted&hashed way, so that you can't "just get" them out of any system. Granted, during login without SSO, Liferay knows the password, but I'm actually happy when that's not written to the local database.
If you rely on your Liferay database to have your correct passwords, you should be changing your architecture. To me your description sounds like "yay, works as expected".
I want to create a publication task in Jenkins to automatically publish my database changes along with my application.
If I understood correctly, a common practice is to create a publish profile that includes the database name as well as the account (login and password) of the account used for the deployment.
This means that the deployment account username and password will be stored in clear text on each developer computer as well as on the version control server and the continuous integration server.
Even though I created a specific login and password for the deployment, it seems pretty unsecured to me.
Is there a workaround? I can only think of replacing the password within the msbuild command line on the continuous integration server.
tl;dr version
Windows Authentication is the preferred, secure method of connecting to your SQL Server instance and if it's possible to use that then it's recommended to use that for connections.
If SQL Authentication is used then the default in publish profiles is that the password isn't saved. For build servers and other shared profile scenarios you may need to accept lower levels of security (by editing the publish profile to add the password, or setting it as a parameter in the build configuration) or work around it in some other way (custom script that reads it from some kind of a secret store, such as an encrypted value).
Long version
Windows Authentication: If at all possible use Windows Authentication, giving permissions as required to users who need it. For Continuous Integration scenarios you would need to give appropriate permissions to the account the build server executes under - full details are in the recent whitepaper on the SSDT blog.
SQL Authentication: If you look at the publish profile (Open With... Xml Editor) you'll see that the password information isn't actually stored there.
If you choose "Save Password" you'll have "Persist Security Info=True;" stored in the connection string rather than the password itself.
When a connection is made to a server/database in SSDT with "Save Password" enabled, the connection info is encrypted and stored in the registry under "HKEY_CURRENT_USER\Software\Microsoft\SSDT\ConnectionStrings". This has to be present on the machine in order to successfully publish using the publish profile.
Hence in a team environment every user would need to connect at least once before that publish profile would work for them. However, the password would be safely encrypted on user machines.
For the build server, your options are more limited. One possibility is to manually log in as the build server user and then connect to the database, but this isn't very scalable. To avoid the less secure options you mentioned you'd need to implement your own logic for persisting the password securely. You can look at the Protected Data API which can be used to do something similar to what SSDT does but on a per-machine level, or use an encrypted configuration file.
If you have to use SQL Authentication I think passing the password into the publish action as part of the build configuration may be the "best" way to go in terms of a tradeoff between ease of development and security. At least that way you can restrict who can view and edit the build configuration in TFS and regular developers won't see it.
I've recently taken over a script from someone who's left the company and it recently started failing. The code looks up a specific user and sends them an e-mail.
I've nailed the culprit line that fails to be (user and passwords is set to my personal account):
my $dbh = DBI->connect('dbi:ODBC:IDM', $idm_user, $idm_passwd)
from this database the script selects the E-mail from a specified user login name.
I can't seem to find any documentation on the database IDM and was wondering if anyone knows of it?
Is it a built in Microsoft Exchange DB or Windows domain DB?
Thanks!
That line is connecting to an ODBC data source called IDM defined in the ODBC data source administrator in that system.
Ewww...
I have a feeling that the guy wrote his own database to do this particular task, and maintained that database.
I had to do something like this and used Net::LDAP to read the user's email address from the Windows Active Directory, then used Net::SMTP to write the email. Of course, your Windows Active Directory must be configured to allow for LDAP access, and your Outlook email must be configured to allow for SMTP based mail.
You can try something like Win32::AD::User to fetch the user's email address directly from Active Directory, but I have a feeling that you won't have read/write access to it.
If you can figure out how to fetch the user's information, you can try Mail::Outlook to write the actual email.
I never used either of these modules. I guess I've been lucky that my Window sites allow LDAP access and SMTP.
I spent a long time yesterday to configure for my CouchDB instance in order to create a little app and letting CouchDB manage authentication and authorizations for me.
So I ended up with something like that :
On top of everything I've got a server admin, who basically is god on my CouchBD instance.
Then I created a database named "mydatabase" (for example) and added the role "mydatabase_dba" as admin and also the role "mydatabase_user" as reader.
I also created a database named "_users" which contains all the database admins and users with their roles and also a design document named "_auth" which manages authorizations.
Only the server admin is admin of this database, and I added users with role "mydatabase_dba" as readers. Then, for those of you who knows about it, I modified the "validate_doc_update" field o the "_auth" document so that users with role "mydatabase_dba" can only deals with users with role "mydatabase_user".
So, to summarize at this point :
server admin is still god
users with role "mydatabase_user" can connect to "mydatabase" but they are just readers
users with role "mydatabase_dba" are admins of "mydatabase"
users with role "mydatabase_dba" can connect to database "_users" where they are readers
users with role "mydatabase_dba" can only manage users of role "mydatabase_user" in "_users"
Hope this is clear :D
What I can do now is create an application that will not manage users itself, but let users connect to CouchDB directly (transparently).
The problem come when it deals with users creation/update/deletion.
Because only users with role "mydatabase_dba" can access to the "_users" database and work on users with roles "mydatabase_user", I need at some point to connect to CouchDB as this db admin.
I have two solutions :
Create a user interface into my app that will let the admin connect and do what he has to do
or
Make some more code and let the app do it automatically, this is the solution I prefer, but the problem is : I have to store the admin credentials...
Sorry for the long introduction but I had to describe the landscape first :)
I created a post yesterday about how I could secure the connection between my app and the CouchDB instance : here
The solution I was given is to use HTTP over SSL (/TLS) to secure the communication. I'm okay with that, but now I have another concern, maybe I'm paranoid, but because my app will need to connect as "mydatabase_dba", I have to store its credential somewhere.
But how to store them securely ? As said in my previous post, even if I store the hashed password instead of the plain text password, if an attacker access my app source code, he'll have my admin credentials...
An application should never have an administrative rights. It should only be given the bare minim rights it needs to function. If the application needs some administrative rights, make sure it has as few as possible. Other than that, most of the time these credentials are stored in plain text in some file that only your application can access.
Never commit this text file into your source code manager (Subversion, Git, etc.)! Placing the file into a running system must be a step in the installation procedure.