Securing passwords in production environment

We have a Java web application running on JBoss and Linux. Production environment database connection parameters come from a configuration file that only exists on the production environment app servers. That config file is only readable by the user ID that also runs the application, (let's call that user appuser) and the only people who can log into production environment servers and sudo to appuser are members of our Operations team. The production environment itself is firewalled off from all other environments.

We would like to make this more secure. Specifically we would like to prevent the operations team from reading the database connection password and other keys that are currently in the configuration file.

Another factor to keep in mind is that the operations team is responsible for building and deploying the application.

What are our options? The solution needs to support manually restarting the application as well as automatically starting the application if the OS reboots.

Update

The solution I am investigating now (tip to Adamski for his suggestion, which roughly translates into step 1):

  1. Write a wrapper executable that is setuid to a user that starts/stops the applications and owns the configuration files and everything in the JBoss directory tree.

  2. Use jarsigner to sign the WAR after it is built. The building of the WAR will be done by development. The setuid wrapper will verify the signature, validating that the WAR has not been tampered with.

  3. Change the deployment process to only deploy the signed WAR. The setuid wrapper can also move the WAR into place in the JBoss deploy directory.

sourcedelica asked Oct 18 '11 16:10
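As an added illustration of steps 2 and 3 (example code written here, not from the question or either answer), a Java gate that checks the jarsigner signature on every entry of the WAR against the certificate of the development signing key and only then moves the WAR into the deploy directory; the WAR path, the PEM certificate path and the JBoss deploy directory are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public final class SignedWarGate {
    /** True only if every non-META-INF entry is intact and signed by the trusted cert. */
    public static boolean isSignedBy(Path war, X509Certificate trusted) throws IOException {
        // verify=true: getInputStream() throws SecurityException if an entry's digest mismatches
        try (JarFile jar = new JarFile(war.toFile(), true)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                byte[] buf = new byte[8192];
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* read fully so the digest is checked */ }
                }
                CodeSigner[] signers = entry.getCodeSigners(); // null until entry is fully read
                if (signers == null || signers.length == 0) return false; // unsigned entry
                Certificate leaf = signers[0].getSignerCertPath().getCertificates().get(0);
                if (!trusted.equals(leaf)) return false; // signed, but not with the build key
            }
            return true;
        } catch (SecurityException tampered) {
            return false; // content no longer matches the signed digest
        }
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical paths: args[0] is the WAR, args[1] the PEM cert exported from the dev signing key
        Path war = Path.of(args[0]);
        Path deployDir = Path.of("/opt/jboss/server/default/deploy");
        X509Certificate trusted;
        try (InputStream in = Files.newInputStream(Path.of(args[1]))) {
            trusted = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        if (!isSignedBy(war, trusted)) {
            System.err.println("refusing to deploy " + war + ": unsigned, tampered, or unknown signer");
            System.exit(1);
        }
        Files.move(war, deployDir.resolve(war.getFileName()));
    }
}
```

Because a JVM process cannot itself be setuid, the native wrapper from step 1 would invoke this check before performing the move.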


2 Answers

Why not just create a second user for the Operations team to sudo to, which only has a subset of file permissions compared with your application's user ID?

No code changes necessary; nice and simple.

Adamski answered Oct 22 '22 10:10


You might find it interesting to see how the Jetty folks have approached this problem:

http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords

This at least ensures that you cannot just read the password directly but need to put in some serious effort to get a humanly readable version.

If the Jetty license is compatible with what you want to do, you can just lift their code.

Thorbjørn Ravn Andersen answered Oct 22 '22 09:10