Re: Storing passwords encrypted in DB tables.

From: DoN. Nichols (dnichols_at_d-and-d.com)
Date: 10/09/04

    Date: 9 Oct 2004 00:56:12 -0400


    In article <ck5jaf$39n$1@news.mch.sbs.de>, pradeep <xxx@xxx.com> wrote:
    >Hello all,
    >We were trying to have a User mgmt functionality, wherein the user can
    >manage the Password of himself.

            The user (on unix, which I am presuming we are discussing)
    already has the ability to change his password, using the "passwd"
    command. S/he will have to give the correct old password first, but
    that is as it should be. Also, quite often, the passwd program will
    resist being set to too short or too simple a password. Can/will your
    Oracle program do that?

    >We are trying to store the pwd in Oracle DB after encrypting it.
    >But I am wondering, if it is a security hole, or it goes against any CERT
    >recommendations.

            My own thoughts are that it is asking for trouble, where you
    can't log in as root to fix things when (not if) Oracle crashes --
    unless you provide some alternate way of logging in. Oracle is a big
    and complex program -- and it is usually on a different partition from
    the base parts of the OS -- so you may wind up with a damaged disk which
    won't let the boot complete, and it will be asking for a root login to
    run fsck, and you will have no way to accomplish this. Remember, even
    if Oracle lives on some other partition, until they all pass fsck, all
    but the bare minimum (usually "/" and perhaps "/usr") will not be
    mounted, so Oracle can't run. (Yes, it is possible to manually mount
    filesystems which are still good -- but not if you can't log in as root. :-)

    >Also We wanted the User mgmt from our Web LMT.
    >We were thinking of managing the user pwds in both Solaris OS as well as
    >Oracle DB (because we want our users to be OS users also).
    >Can we change the password of Solaris user programmatically?

            There are ways -- but most of them risk exposing the password to
    scanning of environment variables or command lines (all available
    through the "ps" command with the right options). The passwd command
    does not accept either the old or the new password on the command line,
    and as close to immediately as possible nulls out the password being set
    as soon as it is verified (second entry matches the first) and the
    encryption is started.

            Later systems have a (sometimes optional) alternative password
    file which is *not* user readable (sometimes "/etc/shadow", sometimes
    some other name), which contains the actual encrypted password, while
    the normal (user-readable) /etc/passwd file only contains an 'x'.

            I don't know what CERT says about this scheme of yours, but *I*,
    for one, would not trust it on *my* systems.

            Good Luck,
                    DoN.

    -- 
     Email:   <dnichols@d-and-d.com>   | Voice (all times): (703) 938-4564
    	(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
               --- Black Holes are where God is dividing by zero ---
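An added example, not part of the original post, illustrating the /etc/passwd and /etc/shadow split described above: it parses a constructed pair of files (field layout is the traditional one; every sample value is made up) and flags accounts whose hash sits in the world-readable file, whose shadow entry is missing, or whose shadow hash is empty.

```python
"""Audit a constructed /etc/passwd and /etc/shadow pair for shadowing mistakes."""

# Constructed sample /etc/passwd: the 2nd field should be just 'x'.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
oracle:x:100:100:Oracle owner:/export/home/oracle:/bin/ksh
legacy:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTU/:101:101:Old account:/home/legacy:/bin/sh
nopass:x:102:102:No shadow entry:/home/nopass:/bin/sh
"""

# Constructed sample /etc/shadow: the 2nd field holds the real hash (made-up values).
SAMPLE_SHADOW = """\
root:$6$saltsalt$ZmFrZWhhc2hmb3JpbGx1c3RyYXRpb25vbmx5:12700::::::
oracle::12700::::::
legacy:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTU/:12700::::::
"""


def parse_colon_file(text: str) -> dict[str, list[str]]:
    """Map user name -> remaining fields, skipping blank and comment lines."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = fields[1:]
    return entries


def audit(passwd_text: str, shadow_text: str) -> list[str]:
    """Return findings about hash placement and empty password fields."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = []
    for user, fields in passwd.items():
        pw_field = fields[0]
        if pw_field != "x":
            # A hash (or empty string) in the world-readable file defeats shadowing.
            findings.append(f"{user}: password field in passwd is {pw_field!r}, expected 'x'")
            continue
        if user not in shadow:
            findings.append(f"{user}: 'x' in passwd but no shadow entry")
        elif shadow[user][0] == "":
            findings.append(f"{user}: empty hash in shadow (no password required)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(finding)
```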