1

We have a Word VBA application that is installed in over a 1000 computers and users use it on a daily basis. This VBA addin connects to multiple databases whose credentials are stored in a custom xml file we came up with. Our company now doesn't want to store the password in the xml file as clear text because when the application is installed on a user's machine, the xml file is also pushed to the installation folder as part of the installation and a curious user who digs into the xml can actually find the passwords to databases. They want a security feature implemented in a week, without making wholesale code changes, that will prevent users and QAs/prod support people testing the application from seeing these passwords. Since the timeframe is very limited, I came up with this idea:

  1. Having substitute strings in the xml file as a password place holder.(example below)
  2. Have a dictionary in the application itself that maps these values to the actual password.
  3. Password-protect the file that has the actual application code.

Sample Xml referred to in point 1. 

<Database-Passwords>
    <DB-Name>DB1</DB-Name>
    <Username>Username1</Username>
    <Password>FakePassword1</Password>
</Database-Passwords>

Maintain a list of key value pairs in the application code which will have (FakePasword1, RealPassword1) as key value pairs.

This will prevent the users from knowing the password. But QAs and Prod Support who step through the code and debug the application can still identify the passwords. How could this be overcome? Is there a way to secure the passwords in such a way that the application would seemlessly work with minimal code change, but users/QAs won't be able to crack the password?

Sai
  • 682
  • 2
  • 12
  • 35
  • What is the back-end database? Do you execute ad-hoc or prepared queries? Are these deployed in a domain environment? – Alex K. Feb 12 '15 at 11:41
  • It connects to a variety of databases. Sybase ASE, IBM DB2, SQL server 2008. The queries themselves are read from another xml file, based on the UI selection and executed against the connected database. It is more ad-hoc querying. The databases run on a production server hosted internally within the company. – Sai Feb 12 '15 at 12:03

1 Answers1

1
  1. Having substitute strings in the xml file as a password place holder.(example below)

UNSAFE, anyone with a little bit of knowledge could decompile your app and find out the real password. I think even opening the exe,dll with notepad could give me the real password.

  1. Have a dictionary in the application itself that maps these values to the actual password.

EDIT: probably unsafe, I didn't quite get the idea behind this one. Sounds pretty much like the first option.

  1. Password-protect the file that has the actual application code.

UNSAFE You can "password-protect" it in your OS, that doesn't mean if I try using a Linux Live CD I couldn't view the file in plain text. Also you would have to store the file password in your app (probably) and an user could do the samething I mentioned in the first option to find the password for the file.

The best way to secure your DB password is having it in a controlled access environment (a server, for example). That means you would have to create a client server arquitecture. Basically you will create a client app that will connect with the server and the server will "talk" with DB

Jhuliano Moreno
  • 929
  • 8
  • 23