How should I store the password for connecting to an external service from a Linux server?
What I am doing now:
- Store encrypted passwords (in a decryptable form) in the DB
- The encryption/decryption key is in a place that httpd cannot read
- The login password used for the DB connection is also in a place that httpd cannot read
I am taking measures that I can think of.
However, if I am logged in with root privileges and am a skillful person, everything will be revealed in a matter of hours (tens of minutes?).
How do other people store it?
Answer # 1
Well, if you enter with root privileges, you will end up getting stuck.
Even if you encrypt the password, if you look at the program, you will know how to decrypt it.
Even with digital certificate authentication, the key itself will be taken (as with Coincheck).
So, there are various ideas for "don't log in as root":
- Prohibit root remote login
- Proceed further and prohibit logins other than from the physical console (Ali if virtual server)
- Appropriate firewall settings. Allow remote login only from limited devices
- Enforce expiration and complexity for sudoers' passwords
- Send emails and alerts when someone logs in as root
  This is more intrusion detection than preventing login.
- Record the login history of all users and audit it regularly
There is no such thing as a perfect risk measure, but measures should be implemented at an appropriate cost and in consensus with the responsible person, considering the types of threats that can occur and their impact when they occur.
Avoid unrealistic measures that are less effective or costly for operation.
Furthermore, I think it will be somewhat secure if you save the file where the password is written in a location where web access is not possible, and also set the permissions so that only root and the execution user can read it.
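A check for the measures listed in the answer above (password file outside the web root, accessible only to root and the execution user, remote root login prohibited), as an added example that is not part of the original post. The function names, the paths and the sample sshd_config text are assumptions made for illustration; `Match` blocks and `Include` files in sshd_config are not evaluated.

```python
import os
import stat
import tempfile

def audit_secret_file(path, web_root, allowed_uids):
    """Return a list of findings for a file that stores a service password."""
    findings = []
    real = os.path.realpath(path)        # resolve symlinks before comparing
    root = os.path.realpath(web_root)
    # The file must live outside the directory tree that httpd serves.
    if os.path.commonpath([real, root]) == root:
        findings.append("inside web root")
    st = os.stat(real)
    # Only root (uid 0) and the execution user should own the file.
    if st.st_uid not in allowed_uids:
        findings.append("unexpected owner uid %d" % st.st_uid)
    # Any group/other bit lets additional accounts read or alter the file.
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o grants group/other access" % mode)
    return findings

def permit_root_login(sshd_config_text):
    """Return the PermitRootLogin value from the text, or None if not set.
    sshd keeps the first value it reads for each keyword."""
    for line in sshd_config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower()
    return None

if __name__ == "__main__":
    # Constructed sample: a temporary tree standing in for the server layout.
    with tempfile.TemporaryDirectory() as d:
        web = os.path.join(d, "htdocs")
        os.mkdir(web)
        secret = os.path.join(web, "db.pass")   # deliberately misplaced
        open(secret, "w").close()
        os.chmod(secret, 0o644)                 # deliberately too open
        for finding in audit_secret_file(secret, web, {0, os.getuid()}):
            print("FINDING:", finding)
    # Constructed sshd_config text, not taken from a real host.
    sample = "#PermitRootLogin yes\nPermitRootLogin no\n"
    print("PermitRootLogin:", permit_root_login(sample))
```

A finding list that is empty and a `PermitRootLogin` value of `no` correspond to the state the answer recommends; `None` means the keyword is not set in the text and the sshd default applies.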