
How to encrypt passwords in configuration files, Grails [and Java]

I am looking for a step-by-step how-to on securing passwords put in configuration files in Grails. This means securing passwords in Config.groovy and DataSource.groovy. There are a lot of Google results that contain bits and pieces of the answer, but no concise guides on how to do this. Can someone please point me in the right direction? Thanks

hvgotcodes asked Jul 26 '10 15:07


2 Answers

For Config.groovy, you could always just encrypt the password some way and then put that hash in Config.groovy, manually. When you need to use it in your code, have some code to decrypt it for you. Doesn't seem that hard.

DataSource.groovy is a different animal, however, since it is fed into the Hibernate API for you. I did see some code like this on the interwebs and it seems like it is headed in the right direction...

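// someEncryptionApiObject and propertyFile are placeholders, not real APIs
dataSource {
    pooled = false
    driverClassName = "org.hsqldb.jdbcDriver"
    username = "sa"
    // the property file stores the encrypted value; decrypt it when the config is read
    password = someEncryptionApiObject.decrypt(propertyFile.readProperty("MyPassword"))
}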

...where you would encrypt the property file containing the data you need, and decrypt when needed.

Gregg answered Oct 13 '22 18:10


The question is: against what do you want to protect your config file? One possibility would be to use file system encryption. Another one would be to encrypt the file with a strong password and ask for the password when the application starts. But consider that the application cannot then be restarted without entering the password again!

Take a look at the Apache httpd documentation to see how Apache handles the same problem.

deamon answered Oct 13 '22 18:10
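
An added example, not code from either answer or from Grails: one way to fill in the `decrypt(...)` placeholder from the first answer while addressing the second answer's question, by keeping the key outside the config files. The class name `ConfigSecret`, the environment variable `APP_CONFIG_KEY`, and the choice of AES-GCM are assumptions.

```groovy
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.security.SecureRandom

// Hypothetical helper, not a Grails or plugin API.
class ConfigSecret {
    static final int IV_LEN = 12     // bytes, the usual GCM nonce size
    static final int TAG_BITS = 128  // authentication tag length

    // The key lives outside the config files: here a Base64-encoded 16- or
    // 32-byte AES key in an environment variable (the name is an assumption).
    static SecretKeySpec keyFromEnv(String name = 'APP_CONFIG_KEY') {
        String b64 = System.getenv(name)
        if (!b64) throw new IllegalStateException(name + ' is not set; cannot decrypt config secrets')
        return new SecretKeySpec(Base64.getDecoder().decode(b64), 'AES')
    }

    // Run once, offline, to produce the value stored in the property file.
    static String encrypt(String plain, SecretKeySpec key) {
        byte[] iv = new byte[IV_LEN]
        new SecureRandom().nextBytes(iv)          // fresh nonce per value
        Cipher c = Cipher.getInstance('AES/GCM/NoPadding')
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv))
        byte[] ct = c.doFinal(plain.getBytes('UTF-8'))
        byte[] out = new byte[iv.length + ct.length]
        System.arraycopy(iv, 0, out, 0, iv.length)   // stored form: nonce || ciphertext+tag
        System.arraycopy(ct, 0, out, iv.length, ct.length)
        return Base64.getEncoder().encodeToString(out)
    }

    // Throws AEADBadTagException if the stored value was altered or the key is wrong.
    static String decrypt(String stored, SecretKeySpec key) {
        byte[] raw = Base64.getDecoder().decode(stored)
        Cipher c = Cipher.getInstance('AES/GCM/NoPadding')
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN))
        return new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), 'UTF-8')
    }
}

// Constructed round trip with an all-zero demo key (never use such a key for real data).
def key = new SecretKeySpec(new byte[16], 'AES')
def stored = ConfigSecret.encrypt('s3cret-db-pass', key)
assert ConfigSecret.decrypt(stored, key) == 's3cret-db-pass'

// Flipping one bit of the stored value must make decryption fail, not return garbage.
byte[] bad = Base64.getDecoder().decode(stored)
bad[bad.length - 1] = (byte) (bad[bad.length - 1] ^ 1)
try { ConfigSecret.decrypt(Base64.getEncoder().encodeToString(bad), key); assert false }
catch (javax.crypto.AEADBadTagException expected) { }
```

In the `dataSource` block the call would read `password = ConfigSecret.decrypt(storedValue, ConfigSecret.keyFromEnv())`, assuming the class is on the classpath when the config is evaluated. Anyone who can read both the property file and the process environment can still recover the password, so this protects the file at rest and in version control, not a compromised host.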