[Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Kent Borg
kentborg at borg.org
Sat Jan 31 10:28:36 EST 2015
Related to my previous database questions...
Normally I think of a program as trusting itself, having some integrity,
maybe not even having gaping bugs or security holes. But what if the
program I am writing is talking to another, such as Postgres? Postgres
has the ability to do passwords, so do I just put a password in my
program source? Set Postgres to only accept local connections, and hope
for the best? Seems wrong. Do I try to put both in a chroot or something?
My program already has to hope that its program files are secured by the
hosting OS, but at least if it isn't opening up a network port it stays
a rather contained problem.
(I want multiple programs talking to the database, so no, I can't just
link in SQLite.)
Seems a general problem of securing interprocess communications.
Thoughts?
Thanks,
-kb, the Kent who knows that people Google for passwords, search github
for passwords, and get a lot of juicy results.
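
One way to keep the database password out of the program source, as an added example that is not part of the original post: read it at startup from a file outside the source tree, and refuse the file unless it is owned by the running user with no group or other permission bits (the same rule libpq applies to ~/.pgpass). The function names, the file path passed in and the default socket directory are assumptions made for illustration.

```python
import os
import stat


class InsecureSecretFile(Exception):
    """Raised when the secret file could be read or replaced by another user."""


def load_db_password(path):
    """Return the password stored in `path`, refusing loosely protected files."""
    # O_NOFOLLOW: do not follow a symlink planted at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # inspect the file actually opened, not the path name
        if not stat.S_ISREG(st.st_mode):
            raise InsecureSecretFile(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise InsecureSecretFile(f"{path}: not owned by the running user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureSecretFile(f"{path}: group/other permission bits set")
        with os.fdopen(fd, "r", encoding="utf-8") as fh:
            fd = None  # the file object now owns the descriptor
            return fh.read().rstrip("\n")
    finally:
        if fd is not None:
            os.close(fd)


def build_dsn(dbname, user, password, socket_dir="/var/run/postgresql"):
    """Build a libpq keyword/value string; a host starting with '/' is a
    Unix-socket directory, so no TCP port is involved.
    The default socket_dir is an assumption and varies by distribution."""
    def quote(value):
        # libpq quoting: wrap in single quotes, escape backslash and quote.
        return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

    fields = {"host": socket_dir, "dbname": dbname,
              "user": user, "password": password}
    return " ".join(f"{key}={quote(val)}" for key, val in fields.items())
```

The password file is created once by the deployment step with mode 0600 and is never committed to the repository.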