Differences

This shows you the differences between the selected revisions of the page.

2018-08-20 2018-09-18
link update (martin) explain why it's not possible to encrypt password (martin)
Line 4: Line 4:
  * The script/code is often stored in a revision control system, making the credentials easily accessible.   * The script/code is often stored in a revision control system, making the credentials easily accessible.
  * The script/code may often need to be accessible on the production system for review or auditing purposes or reuse, while the credentials should not.   * The script/code may often need to be accessible on the production system for review or auditing purposes or reuse, while the credentials should not.
 +
 +There's no way to store passwords in script in an encrypted way. In general, it's not possible to encrypt information in a way that still allows for its use in an automatic way.
Solution is to separate the credentials from the script/code into a configuration file. While the script/code without explicit credentials can be safely stored into a revision system and be otherwise accessible, the configuration file should be protected as much as possible. Particularly its file permissions should be restricted only to administrators (for writing) and user under which the script/code runs (for reading). The configuration file can also be encrypted, for example with [[wp>Encrypting_File_System|built-in NTFS filesystem-level encryption]]. Solution is to separate the credentials from the script/code into a configuration file. While the script/code without explicit credentials can be safely stored into a revision system and be otherwise accessible, the configuration file should be protected as much as possible. Particularly its file permissions should be restricted only to administrators (for writing) and user under which the script/code runs (for reading). The configuration file can also be encrypted, for example with [[wp>Encrypting_File_System|built-in NTFS filesystem-level encryption]].
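Review bot: The added paragraph says "There's no way to store passwords in script in an encrypted way", but the unchanged paragraph right after it ends with "The configuration file can also be encrypted", so the two read as contradicting each other. Consider stating the reason in the new text: a script that runs unattended must also be able to reach the decryption key, so encrypting the password inside the script only obscures it from casual reading. Then say that encrypting the configuration file is a different measure, since it relies on the account the script runs under rather than on anything stored in the script. Minor wording: "in script" should be "in a script", and the second sentence uses "way" twice ("in a way that still allows for its use in an automatic way"); "in a way that still allows automated use" reads more cleanly.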

Last modified: by martin