Application to Application authentication models....
From: r s (richard.scott@bestbuy.com)
Date: 01/28/03
Date: 28 Jan 2003 20:46:09 -0000
From: r s <richard.scott@bestbuy.com>
To: secprog@securityfocus.com
Greetings all,
I am posting this here in the hope to get some direction as to where next
to look. This is more of an architecture question and not specific to
programming.
Given an enterprise Java, LDAP and Small PKI infrastructure what would be
a recommended solution to securing connection credentials to database
systems, queues, etc.?
Given that applications can be built in Java and the logical storage of
credentials to be stored in LDAP. What authentication mechanism, model,
architecture best allows applications legitimate access to LDAP schema to
obtain sensitive data such as connection credentials to database systems?
The idea is to have developed applications use a framework to securely
obtain correct credentials for the applications based in environments in
DEV, QA and PROD.
Thus given some environment, the application is executed within the
framework and requests to connect to the HR database, for example. The
application then must be authenticated and if successful, the framework
obtains the connection credentials to build a connection to the database.
By running the same code in QA, the credentials for the QA database are
given, not the production one. A call for the production database from a
QA server is prohibited.
Any ideas of how this can be enforced?
cheers
r./