
How to hide database password in config file

I am working on a C++ project that needs to access a database for reading its input.

So far, we have used a default username (postgres) and a 'fixed clear text' password stored, along with many other settings, in an XML-based configuration file.

Now what I need is to hide the password from users when I supply the configuration file.

FYI: the development area is Linux and the database is PostgreSQL. We would like to give users the config file to connect to the database and use it without knowing the password.

I will appreciate it if you suggest a quick and easy reference (a small piece of reading material would also be great).

Thank you

rahman asked Apr 12 '13 03:04




2 Answers

You cannot prevent an ill-intentioned user from obtaining this password one way or another if you ship him the program containing it in any form.

But there are two potential solutions:

  1. The user and password that ship with the program have read-only access to the database;

  2. The program doesn't connect directly to the database. It requests the data from a server application that can not only fetch this data from the actual database without needing to give the user any password, but can also do the proper security checks to ensure this user is accessing only data he is meant to, etc.

Havenard answered Sep 25 '22 18:09
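Option 1 from the answer above, sketched as PostgreSQL statements. This is an added example, not part of the original answer: it replaces the shipped `postgres` superuser login with a dedicated read-only role, so that a recovered password exposes only `SELECT` on the input tables. The role name `app_reader`, the database name `inputdb`, the use of the `public` schema and the password placeholder are assumptions.

```sql
-- Run as a database administrator. All names are placeholders (assumptions).

-- 1. A login role with no administrative attributes, unlike "postgres".
CREATE ROLE app_reader
    LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
    CONNECTION LIMIT 20
    PASSWORD 'REPLACE_WITH_GENERATED_SECRET';

-- 2. Remove the default CONNECT/TEMPORARY grant to everyone,
--    then allow only this role to connect to the input database.
REVOKE ALL ON DATABASE inputdb FROM PUBLIC;
GRANT CONNECT ON DATABASE inputdb TO app_reader;

-- 3. No object creation in the schema (harmless if already revoked),
--    only name lookup and SELECT on existing tables.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO app_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_reader;

-- 4. Tables created later by the role running this statement
--    are readable too; add FOR ROLE <owner> for other table owners.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO app_reader;

-- 5. Guard rail only: the session can switch this off again,
--    so the grants above remain the actual security boundary.
ALTER ROLE app_reader SET default_transaction_read_only = on;

-- Verification: every attribute column should be false.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname = 'app_reader';

-- Verification: list any table where the role can do more than read.
-- An empty result is the expected outcome.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'app_reader'
  AND privilege_type <> 'SELECT';
```

The configuration file then carries `app_reader` instead of `postgres`; the password is still recoverable by the user, as the answer says, but what it unlocks is limited to reading the input data.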


You can have another "hardcoded" password, used to encrypt the password in the config file. So you write the encrypted database password (db_password) to the config file, and then, when you need to access a database, you decrypt the db_password with your hardcoded password. Of course, it is still possible to recover your password using a decompiler, for example, but it will not be easy.

FreeNickname answered Sep 24 '22 18:09