
How to protect Postgres password in my app?

Basil Bourque
I'm an experienced programmer, but for the first time I'm developing an app that connects to a Postgres server over the internet.

How do you secure the password used to connect to Postgres?

My idea is to have a single user, representing my app, defined in Postgres. Then separately I'll have my own table to track each human user. I've learned about BCrypt and Postgres' encryption functions "crypt" etc. to securely store the human user's password as a value in a row in my own "user_" table.

But how do I secure the app's password to connect to Postgres?

a) I assume I should encrypt the connection with SSL. I'm learning about SSL certificates now. Is that the way to go? Would you consider that to be required in any serious business app connecting to Postgres over the Internets?

b) Hard-coding the app's Postgres password in the app's source code seems less than ideal to me. Is there some better way?

-- If the app is built in Java, I've heard that Java is very easy to de-compile and thus expose the password. Other languages such as Real Studio (REALbasic) may not suffer that vulnerability.

-- Hard-coding means I'm not free to change the password on the server. To change the password, I would have to upgrade all my users simultaneously.

c) Should I manage all my human users as Postgres users? Is trying to manage the passwords on my own a dumb idea?

--Basil

--
Sent via pgsql-novice mailing list ([hidden email])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-novice

Re: How to protect Postgres password in my app?

Stephen Cook-2
On 5/10/2011 4:07 PM, Basil Bourque wrote:

> I'm an experienced programmer, but for the first time I'm developing an app that connects to a Postgres server over the internet.
>
> How do you secure the password used to connect to Postgres?
>
> My idea is to have a single user, representing my app, defined in Postgres. Then separately I'll have my own table to track each human user. I've learned about BCrypt and Postgres' encryption functions "crypt" etc. to securely store the human user's password as a value in a row in my own "user_" table.
>
> But how do I secure the app's password to connect to Postgres?
>
> a) I assume I should encrypt the connection with SSL. I'm learning about SSL certificates now. Is that the way to go? Would you consider that to be required in any serious business app connecting to Postgres over the Internets?
>
> b) Hard-coding the app's Postgres password in the app's source code seems less than ideal to me. Is there some better way?
>
> -- If the app is built in Java, I've heard that Java is very easy to de-compile and thus expose the password. Other languages such as Real Studio (REALbasic) may not suffer that vulnerability.
>
> -- Hard-coding means I'm not free to change the password on the server. To change the password, I would have to upgrade all my users simultaneously.
>
> c) Should I manage all my human users as Postgres users? Is trying to manage the passwords on my own a dumb idea?
>
> --Basil
>

Who are you trying to protect the password from?

SSL will protect it in transit (e.g. against "evil" nodes along the way,
or someone listening in), but not against anyone who has access to your
app itself (your users). You can't really protect it from users; even if
you encrypt it on the client end the app will have to decrypt it for use
and tech-savvy users can get at it with a bit of effort (this is true
for any and all programming languages used).

Your best bet might be to assume that any hacker (or anyone who
downloads that one hacker's work) *will* have access to the PostgreSQL
password. Only allow the PG user minimal access to get its job done.
Then if some guy writes an "alternative" app using your "secret" PG
password, it can't do anything that the original wasn't allowed in the
first place.

More info about what you are doing would help if you want more advice.


-- Stephen Cook

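Stephen's point, that the role the application logs in as should be unable to do anything the application itself does not need even after its password leaks, as an added example in Postgres SQL (not code from the thread). The database, schema, table and function names (app_db, app, user_, check_password) and the role app_role are assumptions for illustration; the bcrypt handling follows Basil's mention of pgcrypto's crypt().

```sql
-- Added example (not from the thread): a least-privilege Postgres role for the
-- application. app_db, app, user_, check_password and app_role are assumed names.

-- 1. A role that can only log in: no superuser, no CREATEDB, no CREATEROLE,
--    a connection cap, and a password that is changed on the server only.
CREATE ROLE app_role LOGIN PASSWORD 'change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
    CONNECTION LIMIT 20;

-- 2. Remove what PUBLIC (and therefore app_role) gets for free, then grant
--    back exactly the ability to connect.
REVOKE ALL ON DATABASE app_db FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE app_db TO app_role;

-- 3. Application tables live in their own schema; app_role may look up
--    objects in it but may not create anything there.
CREATE SCHEMA app;
GRANT USAGE ON SCHEMA app TO app_role;

CREATE TABLE app.user_ (
    id       bigserial PRIMARY KEY,
    email    text NOT NULL UNIQUE,
    pw_hash  text NOT NULL   -- bcrypt hash from pgcrypto's crypt(..., gen_salt('bf'))
);

-- 4. Column-level grants: the app can list users and create them, but can
--    never read a stored hash back, and has no UPDATE, DELETE or TRUNCATE.
GRANT SELECT (id, email)      ON app.user_ TO app_role;
GRANT INSERT (email, pw_hash) ON app.user_ TO app_role;
GRANT USAGE ON SEQUENCE app.user__id_seq TO app_role;

-- 5. Password checks go through a SECURITY DEFINER function that runs with
--    its owner's rights, so the hash is compared on the server and never
--    leaves it. search_path is pinned so a caller cannot substitute crypt().
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE FUNCTION app.check_password(p_email text, p_password text)
RETURNS boolean
LANGUAGE sql
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
    SELECT EXISTS (
        SELECT 1
        FROM app.user_
        WHERE email   = p_email
          AND pw_hash = crypt(p_password, pw_hash)
    );
$$;
REVOKE ALL ON FUNCTION app.check_password(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.check_password(text, text) TO app_role;

-- 6. Rotating the shared password is now a server-side change only:
-- ALTER ROLE app_role PASSWORD 'new-secret';
```

With these grants the application creates a user with `INSERT INTO app.user_ (email, pw_hash) VALUES ($1, crypt($2, gen_salt('bf', 12)))` and verifies a login with `SELECT app.check_password($1, $2)`; someone who recovers the password from a decompiled client gets exactly those two capabilities and cannot dump the hash column, drop tables or reach other databases. The client still has to learn a rotated password from somewhere (a configuration file read at start-up rather than a string compiled into the binary), but the rotation itself no longer requires rebuilding the app.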

Re: How to protect Postgres password in my app?

Grzegorz Szpetkowski
In reply to this post by Basil Bourque
From my view, if you want an application that connects to a PostgreSQL
server remotely over the Internet, then SSL is best suited.
PostgreSQL has built-in, "out of the box" SSL authentication (for both
server and client) and of course data encryption support. You can find
information in the documentation about how to set it up, etc. If your
data are sensitive, I suggest using at least a 2048-bit RSA key
(http://csrc.nist.gov/publications/PubsSPs.html, SP 800-57). You don't
need any password (hm, you can optionally encrypt the private keys, but
note that on the server side this requires giving the password at every
postmaster startup). Are you using the JDBC library? I think that this
lib supports SSL connections.

Regards,
Grzegorz Szpetkowski


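The certificate-based setup Grzegorz describes, as an added configuration example (not from the thread or the PostgreSQL documentation): the server accepts only SSL connections from the application role and authenticates it by client certificate, so no shared password is shipped in the client at all. Parameter names follow current PostgreSQL releases (ssl_ca_file appeared in 9.2; older servers look for root.crt in the data directory); the file names, the host db.example.com, the database app_db and the role app_role are assumptions.

```conf
# Added example (not from the thread): SSL-only, certificate-authenticated
# access for the application role. Paths, host, database and role names are
# assumptions for illustration.

# ---- postgresql.conf (server) ----
ssl           = on
ssl_cert_file = 'server.crt'   # server certificate, signed by your own CA
ssl_key_file  = 'server.key'   # mode 0600, owned by the postgres user
ssl_ca_file   = 'root.crt'     # CA that signed the client certificates
# An encrypted server.key makes postgres prompt for the passphrase on every
# start, the drawback noted above; keep it unencrypted and rely on file
# permissions instead.

# ---- pg_hba.conf (server; first matching line wins) ----
# TYPE     DATABASE   USER       ADDRESS      METHOD
hostssl    app_db     app_role   0.0.0.0/0    cert
hostssl    app_db     app_role   ::/0         cert
# 'cert' requires a client certificate chaining to root.crt whose CN equals
# the role name (app_role); no password is sent or stored for this role.
# Refuse every non-SSL connection from outside explicitly:
hostnossl  all        all        0.0.0.0/0    reject
hostnossl  all        all        ::/0         reject

# ---- client side (libpq URI, e.g. for psql) ----
# postgresql://app_role@db.example.com:5432/app_db?sslmode=verify-full&sslrootcert=root.crt&sslcert=client.crt&sslkey=client.key
# verify-full checks the server certificate against root.crt AND that its
# name matches db.example.com, which is what defeats an active man in the
# middle; sslmode=require only encrypts and accepts any certificate.
```

Two caveats a practitioner will want: the client key now plays the role the password played, so it is exactly as recoverable from a distributed client as a hard-coded string, and Stephen's least-privilege advice for the role still applies in full; and the `cert` method only helps if the CA that signs client certificates is kept off the application hosts, otherwise anyone who obtains it can mint a certificate for any role name.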