Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?



On 01/31/2015 06:30 PM, Gordon Marx wrote:
> None of that matters.

Huh?

> Code goes in version control. Secrets that you want to keep secret don't. Therefore, you can't put secrets into your code.

Yes, that's why I brought up the question. We agree.

> Write the username and password into a configuration file,

That is my current approach.

> get the username and password from the environment, or use a non-password auth mechanism like an SSL certificate.

Even more non-standard, make up a new one every time the OS boots, set 
the postgres password then, too.

Because this is only used to communicate within the machine, no one else 
cares whether it changes. A file with narrow permissions is safer than 
trusting "localhost" restrictions.

-kb
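
An added sketch of the per-boot secret plus narrow-permission file described in the message above; it is not code from the thread. The role name `appuser`, the function names, and the assumption that the same account writes and reads the file are all hypothetical.

```python
import os
import secrets
import stat
import string
import tempfile

ROLE = "appuser"  # hypothetical role name, not from the thread
SAFE = set(string.ascii_letters + string.digits + "-_")


def rotate_secret(path):
    """Generate a fresh password and atomically write it to `path`, mode 0600."""
    password = secrets.token_urlsafe(32)
    # mkstemp creates the file with mode 0600 from the start, so the secret
    # is never on disk with wider permissions, whatever the umask is.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            f.write(password + "\n")
        os.replace(tmp, path)  # atomic: readers see the old or new file only
    except BaseException:
        os.unlink(tmp)
        raise
    return password


def alter_role_sql(password, role=ROLE):
    """Statement for the boot script to run as a PostgreSQL superuser."""
    if not set(password) <= SAFE:  # no quotes or backslashes may reach the SQL
        raise ValueError("unexpected character in generated password")
    return f"ALTER ROLE {role} PASSWORD '{password}';"


def read_secret(path):
    """Client side: refuse a secret file that others could read or swap."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # do not follow symlinks
    with os.fdopen(fd) as f:
        st = os.fstat(f.fileno())  # check the file actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("secret path is not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError("secret file is owned by another user")
        if st.st_mode & 0o077:
            raise PermissionError("secret file has group/other permission bits")
        return f.read().strip()
```

The boot script would call `rotate_secret`, feed the output of `alter_role_sql` to the database once, and every local client would then obtain the password through `read_secret`.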




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
