2

Please do not reply with how/why it's a bad idea to embed password. I know all about them and I've already reviewed this post What's the most secure way to embed a password inside Java code? which did not provide an answer for me.

On to my issue.

I'm using SQL App Role in my program. So end users do not know what the rolename and password are, since it doesn't apply to them and it's actually a security risk if they found out what the rolename and password are.

I considered storing the role/pw in a secure remote server. But then I would have to give user permission to access the pw. Encrypting and storing the pw in a configuration file doesn't work since the decryption routine would be in the code.

Basically everything I could think of can only obscure but not secure the password.

Community
  • 1
  • 1
user2880486
  • 1,068
  • 7
  • 16
  • For as far as I know, you can use an MD5-hash library to encode it in such a way that they cant decrypt it even if they know it is encrypted with MD5, because they dont have the key. In case they CAN access the key I am afraid you're not gonna be able to store it safely, as there will always be a vulnerable login or key which only obscures the object as you yourself already mentioned. – Voidpaw Oct 31 '13 at 17:06
  • There is no solution except obscure and limit privileges of the user/roll so that a compromise of the password would not be catastrophic. – Scott Chamberlain Oct 31 '13 at 17:06
  • 4
    You're asking for something impossible. – CodesInChaos Oct 31 '13 at 17:21
  • Even if you could encrypt the pw in the code the user could still just sniff their own network connection. – paparazzo Oct 31 '13 at 18:44
  • You can't. If the user can run the client and the client can access the password then the user can access the password. You can make it obscure or convoluted, but you cannot secure it from a sufficiently resourceful attacker. – Aurand Oct 31 '13 at 19:35

1 Answers1

0

The "most" secure way? I don't know. There are ways to make it less than obvious.

One suggestion is to use XOR of some innocuous data that is in the program anyway, like "Press any key to continue."

realPassword <- SHA256(myByteArray XOR getBytes(userMessage001))

That way the actual password never appears in the code, just the method of deriving the password. You might even keep myByteArray separately in a file so it never appears in the code.

As @Aurand pointed out, all you can do it to obscure the real password. An attacker with access to the code will be able to find it.

rossum
  • 15,344
  • 1
  • 24
  • 38