如何在应用程序配置中管理密码 [英] How to manage passwords in application configuration
问题描述
我正在开发一个与许多外部系统 API 交互的系统.他们中的大多数都需要某种身份验证.出于可用性考虑,有一个应用程序范围可访问"的 AppConfig,用于存储配置信息以及外部系统的凭据.
I'm working on a system that interacts with many external system API:s. Most of them require authentication of some sort. For the sake of usability there is an "application wide reachable" AppConfig that stores configuration info, as well as credentials for the external systems.
我的问题是在应用程序配置文件中将用户名和密码(以明文形式)存储到外部系统是否是一个坏主意.如果是这样,你如何避免它?
My question is if it is a bad idea to store usernames and passwords (in cleartext) to the external systems in the application configuration file. If so, how do you avoid it?
为了访问配置文件,您要么必须破坏服务器的文件系统,要么破坏另一台服务器(当然也可以是任何开发人员的系统)上的 git 存储库.我一直认为在配置文件中加密密码不会提高安全级别,因为加密密钥也必须存储在某个地方.我错了吗?
In order to access the configuration file you either have to compromise the server's file system, or the git repository on another server (or, of course any developer's system). I'm been thinking that encrypting the password in the configuration file does not increase the security level, as the encryption key has to be stored somewhere as well. Am I wrong about this?
我非常感谢能解释您如何解决这个问题的答案.
I would really appreciate answers explaining how you have solved this issue.
解决方案
好的,这是我的最终解决方案.我使用 OpenSSL 创建了一个简单的库来加密和解密我的敏感数据.加载配置时,会从用户那里检索密钥,但在将其存储在文件中的生产服务器上除外.它仍然不是最佳解决方案,但它比我以前拥有的解决方案"要好得多.
Ok, so here is my final solution. I created a simple library using OpenSSL to encrypt and decrypt my sensitive data. The key is retrieved from the user when the configuration is loaded, except on the production servers where it is stored in file. It is still not an optimal solution, but it is way better than the "solution" I previously had.
感谢您的回答.我会接受韦恩的回答,因为它是最有用的.
Thank you for your answers. I will accept Wayne's answer as it was the most informative.
推荐答案
良好的安全性很难.
正如 Bruce Schneier 所说,安全是一种权衡."你必须决定你想要这些信息的安全程度,以及你想花多少时间来保护这些信息.而且您绝对不想将密码以纯文本形式留在那里,这是一个禁忌.如果您处于可以接受的情况,则您不应该进行用户身份验证.
As Bruce Schneier says, "Security is a tradeoff." You have to decide how secure you want this information, and how much time you want to spend securing said information. And you definitely don't want to leave passwords just sitting out there in plain text, that's a no-no. If you're in a situation where that's OK you're in a situation where you shouldn't have user authentication.
尽管安全很难,但您还是可以做一些事情.
Even though security is hard, there are a few things you can do.
1) 使用某种类型的编译程序进行加密/解密.您不希望有人打开 Python/perl 脚本并说啊哈,这只是一个简单的 XYZ 加密",尽管理想情况下您不想要简单的加密.
1) Use some type of compiled program to do the encryption/decryption. You don't want someone to open up a Python/perl script and say "aha, this is just a simple XYZ encryption", though ideally you don't want a simple encryption.
2) 默默无闻的安全不是真正的安全,但它可以帮助防止偶然的窥探.例如,将您的文件命名为passwords.txt"并不是一个非常好的主意,但对您的密码进行加密,然后使用隐写术将用户/密码隐藏在某个图像文件中会更好.
2) Security through obscurity is not real security, but it can help against the casual snoop. For instance, naming your file "passwords.txt" is not a terribly good idea, but encrypting your passwords and then using steganography to hide the user/pass in some image file is better.
3) 查找强加密/解密算法.其中一些已经在大多数语言中实现,您只需导入一个库即可.这可能是坏的也可能是好的,这取决于您认为自己想要这些东西的安全程度.
3) Look up strong encryption/decryption algorithms. Some of them are already implemented in most languages and you can just import a library. This can either be bad or good, depending on how secure you think you want this stuff.
但老实说,这个系统真的很糟糕 - 安全方面.理想情况下,您有一个两方身份验证,然后由受信任的中间人完成所有操作和交易.例如,当您登录计算机时,您是在告诉计算机您是授权用户.从那里你可以运行你的所有程序,他们不会询问或关心你的用户/密码组合 - 只是你是一个授权用户.他们从操作系统(中间人)那里获得这些信息.哎呀,即使 SO 使用 openID 来确定您是受信任的用户 - 他们不关心您在其他站点上的凭据是什么,只关心其他站点说是的,这是一个有效用户."
But honestly, this system is really bad - security wise. Ideally you have a two-party authentication and then the trusted middleman does all the wheeling and dealing. For instance, when you log onto your computer you're telling the computer that you're an authorized user. From there you get to run all of your programs and they don't ask or care about your user/pass combination - just that you're an authorized user. They get this information from the OS (the middle-man). Heck, even SO uses openID to decide that you're a trusted user - they don't care what your credentials are on the other sites, only that the other sites say "Yes yes, this is a valid user."
如果您可以选择,我会认真考虑切换您的身份验证模型.如果没有,祝你好运.
If you have the option, I would seriously consider switching your authentication model. If not, good luck.
这篇关于如何在应用程序配置中管理密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
