Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

How to maintain DB passwords ? Nothing in clear text

Avatar

Level 3

Hi All,

My application connects to database to get some data. Currently DB connection parameters and passwords are configured through felix console.Now the problem is anyone who has access to felix console can see the password for the DB. How do I prevent this? What is the best way of configuring these parameters?

Thanks

1 Accepted Solution

Avatar

Correct answer by
Employee

The most secure way would be to use X509 user certs and not user id and password(encrypted or unencrypted). Most DBs allow this. For example, for mysql http://www.coresecuritypatterns.com/blogs/?p=970 shows how and for mongodb,http://docs.mongodb.org/manual/tutorial/configure-x509-client-authentication/ shows how to do this.

View solution in original post

2 Replies

Avatar

Correct answer by
Employee

The most secure way would be to use X509 user certs and not user id and password(encrypted or unencrypted). Most DBs allow this. For example, for mysql http://www.coresecuritypatterns.com/blogs/?p=970 shows how and for mongodb,http://docs.mongodb.org/manual/tutorial/configure-x509-client-authentication/ shows how to do this.

Avatar

Level 10

Also - its best practice to use ACLs and not let un-authorized users access to felix console. Only admins should have access to that.