Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Proper password storage and retrieval for service accounts?

Most of the information that I found and read about properly storing passwords in a database say that I should Hash the password clear text with a unique salt value for each user and then store that hash in the database. But this process doesn't work for my needs...

I have a windows service written in C# that needs to connect to other remote machines in different datacenters using specific service accounts. These service accounts are like domain user accounts, but there is no real people behind them and they just have the proper permissions to carry out the service payload on each specific server. The service acount information is stored in a SQL Server table including the password for each account. Currently, I am using symmetric encryption (Rijndael) to obfuscate the passwords in the DB table. The key is saved in a separate config file that has strict access permissions.

Every time the service has a scheduled payload to run on a remote machine, I lookup the appropriate service account information on the table and decript it using the key. There is also a internal website that is basically a front-end for managing the various settings for this service, and in there the admin can view and change the password of the service accounts.

Is this a good approach to keeping things secure? Are there any obvious flaws in this scheme?

like image 642
λ Jonas Gorauskas Avatar asked Aug 07 '10 22:08

λ Jonas Gorauskas


1 Answers

Sounds sane to me.

like image 62
tobiasbayer Avatar answered Nov 11 '22 06:11

tobiasbayer