Best way to store a database password in a startup script / config file?

So our web server apps need to connect to the database, and some other apps have startup scripts that execute at boot time.

What's the best way to store the name/password for these applications, in terms of

  • security, e.g. perhaps we don't want sysadmins to know the database password
  • maintainability, e.g. making the configuration easy to change when the password changes, etc.

Both Windows and Linux solutions appreciated!

Mark Harrison asked Aug 14 '08 06:08


2 Answers

The best way to secure your password is to stop using one. Use a trusted connection: How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0. Then you have nothing to hide - publish your web.config and source to the world, they still can't hit your database.

If that won't work for you, use the built in configuration encryption system in ASP.NET.

Jon Galloway answered Sep 20 '22 20:09


PostgreSQL offers a nice solution for this kind of situation in their documentation. Essentially, you use ssh to bridge a port on your machine to the PostgreSQL server port on the remote machine. This has three stages of authentication:

  1. Restrict access to the local port, such as only letting a particular user connect to it.
  2. Set up password-less connection to the PostgreSQL host with ssh as a particular user.
  3. Allow the user ssh connects as to have local access to PostgreSQL without a password.

This reduces the security to whether your user accounts are secured and your ssh configuration is sound, and you have no need of a password stored anywhere.

Edit: I should add that this will work with any database that listens to a TCP/IP port. It just happens to be described in PostgreSQL. And you will want iptables (or the equivalent off Linux) to do the port restrictions. See this.

user349653 answered Sep 20 '22 20:09
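The three stages of that answer as a concrete setup script, added here as an example rather than anything from the answer or the PostgreSQL documentation. The app account `webapp`, the tunnel login `pgtunnel`, `db.example.com`, the key path, local port 15432 and the database `appdb` are assumed placeholders, and forwarding to the server's unix socket so that `peer` authentication covers stage 3 is one way of realizing the answer's third step.

```shell
#!/bin/sh
# Added example (not from the answer): the three stages as shell functions.
# All names below are assumed placeholders; override them via the environment.
APP_USER="${APP_USER:-webapp}"                 # OS account the web app runs as
DB_HOST="${DB_HOST:-db.example.com}"           # PostgreSQL host
SSH_USER="${SSH_USER:-pgtunnel}"               # dedicated, unprivileged login on DB_HOST
SSH_KEY="${SSH_KEY:-/etc/webapp/pgtunnel_key}" # private key, mode 0400, owned by APP_USER
LOCAL_PORT="${LOCAL_PORT:-15432}"              # local end of the tunnel
REMOTE_SOCKET="${REMOTE_SOCKET:-/var/run/postgresql/.s.PGSQL.5432}"

# Stage 2: key-only ssh, listening on 127.0.0.1 only. BatchMode makes a missing
# or wrong key fail immediately instead of prompting for a password; forwarding
# to the server's unix socket (OpenSSH 6.7+) is what lets stage 3 use peer auth.
tunnel_cmd() {
  printf 'ssh -i %s -o BatchMode=yes -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -N -f -L 127.0.0.1:%s:%s %s@%s' \
    "$SSH_KEY" "$LOCAL_PORT" "$REMOTE_SOCKET" "$SSH_USER" "$DB_HOST"
}

# Stage 1: only APP_USER may open the local tunnel port (iptables owner match
# on the OUTPUT chain; the tunnel is bound to loopback, so -o lo is enough).
local_port_rules() {
  printf 'iptables -A OUTPUT -o lo -p tcp --dport %s -m owner --uid-owner %s -j ACCEPT\n' \
    "$LOCAL_PORT" "$APP_USER"
  printf 'iptables -A OUTPUT -o lo -p tcp --dport %s -j REJECT\n' "$LOCAL_PORT"
}

# Stage 3: pg_hba.conf on DB_HOST. Connections arrive over the unix socket as
# SSH_USER, so "peer" maps that OS user to the same-named role, no password.
pg_hba_lines() {
  printf '# TYPE  DATABASE  USER      ADDRESS  METHOD\n'
  printf 'local   appdb     %-9s          peer\n' "$SSH_USER"
}

# Check after bringing the tunnel up: something must be listening locally.
tunnel_listening() {
  ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$LOCAL_PORT "
}

case "${1:-}" in
  --rules) local_port_rules ;;                          # run the output as root on the web host
  --hba)   pg_hba_lines ;;                              # append to pg_hba.conf on DB_HOST
  --up)    eval "$(tunnel_cmd)" && tunnel_listening ;;  # run as APP_USER at boot
esac
```

The web app then connects to 127.0.0.1:15432 with no password in its config; the only secret on the box is the key file, protected by filesystem permissions.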