Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Thanks for the feedback!!

Technically, you could already host the database on a secondary server. Either way, there has to be a conduit to the application server (which can be exploited). Adding a second host to the setup (for smaller applications), will not make your users happy. Additionally, the DB credentials also are stored somewhere (code or other place). To be honest, I don't know that many applications that use an outside authentication service for the system keys/passphrases. There's always systems like TACACS+, RADIUS, LDAP but in some way, shape or form, they all require a key of their own to confirm and with the key, it's fairly simple to decode the authentication stream and find out the functional credentials. What I meant by password recovery is that if you 'forget' the encryption keys, there's no way of easily changing the keyphrase. I agree that a passphrase on startup sounds a good idea but it still needs to be stored somewhere, even in memory.. Plus, it's preventing a normal startup process. I can't recall any applications that take this approach. Having a compiled application, for instance, to hide the keyphrase is only slightly less effective as it should be fairly easy to pass the same authentication request as the script is using.

... I'm belgian but I don't play one on TV.

In reply to Re^4: OT: Storing encryption keys securely by Beatnik
in thread OT: Storing encryption keys securely by Beatnik

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others having an uproarious good time at the Monastery: (6)
    As of 2021-04-23 18:36 GMT
    Find Nodes?
      Voting Booth?

      No recent polls found