Password Encryption between Java Swing app and Postgres db - postgresql

I'm building a system that has a Java Swing front end accessing a postgres database. Prior to discovering Jasypt this week, I had originally planned to use Postgres' own encryption mechanism. It worked fine, but I also now wanted the passwords over the network to be encrypted, hence why I turned to Jasypt.
Problem is, I need a fixed password to be entered into my Postgres stored function. I.e., if the input password is 'aaa' then any other inputted password into the Postgres stored function (other than 'aaa') will not match.
Is there a way to get these two encryption mechanisms to work in tandem together or do I have to dump Postgres'?
My user table:
CREATE TABLE "user"
(
id serial NOT NULL,
cryptpwd text NOT NULL,
md5pwd text NOT NULL,
...
)
Encrypting password:
cryptedPassword = crypt(passwordIn, gen_salt('md5'));
md5Password = md5(passwordIn);
INSERT INTO "user"(username, cryptpwd, md5pwd, ...)
VALUES (usernameIn, cryptedPassword, md5Password, ...);
Decrypting password:
select ..... from "user" .... where username = usernameIn and cryptpwd = crypt(passwordIn, cryptpwd);
If I cannot get the two of them to work together then I would have to dump Postgres' mechanism as I need to have encryption over the network.
Also, with regards to the database connection string and database username and password (not using any framework ... plain old jdbc connection hopefully with SSL - yet to implement), I don't think I'll be able to use Jasypt because I'd need to decrypt it at database level. Would SSL alone be sufficient for this case?
Thanks.

I think SSL alone, on every piece of the path, would be sufficient. In LedgerSMB (although we are Perl-based) we do something different and rely on SSL protected links between servers and between servers and clients. There are a few things to think about with your approach though.
We actually pass the db username and password to the middleware from the client in re-usable format (plain text) over an SSL connection, and then use another SSL connection to log into PostgreSQL to authenticate this way. This works fine, but the problem areas we face are somewhat similar to the problem areas you will. These include:
Logging. Is it possible passwords will get accidentally logged? This is a concern with LedgerSMB and we take what steps we can but a badly configured server or a tampered-with program could log usernames and passwords. In our case this comes primarily on the middleware level, but in your case, query logging could do this too, right?
Is it possible credentials can be re-used unintentionally? We prevent this in a couple of ways, but it is worth considering.
On the whole, we trust SSL. There isn't much to be gained from adding additional encryption beyond that, and key management adds a lot of complexity that is not worth the marginal gains IMO.

Related

PostgreSQL - Foreign Data Wrapper user mapping password

I'm using a PostgreSQL database and postgres_fdw extension to query external data.
CREATE EXTENSION postgres_fdw;
CREATE SERVER foreign_fake_database
FOREIGN DATA WRAPPER postgres_fdw
OPTIONS (host '....', port '5432', dbname 'fake_database');
When I create the user mapping to query this external database, I must write the username and password in clear:
CREATE USER MAPPING FOR fake_user SERVER foreign_fake_database
OPTIONS ("user" 'fake_user', password 'fake_password');
This method seems fragile to me for obvious security reasons so I'm looking for users' feedback.
What are the best practices to maintain a good level of security and not have the password stored in clear? Can I encrypt this password? With multiple users, is it okay to use the same user to connect? Doesn't it overload the system or create conflict?
From a performance viewpoint, it doesn't matter if different users are mapped to the same or to different users on the remote server, this is purely a security consideration.
There is no way to hide or encrypt the password, but you can either use a password file to store the password on the server or use an authentication method that does not require a password at all, like certificate authentication (then you could use sslkey and sslcert in the user mapping).
Note that you must set password_required to false on the user mapping to allow a non-superuser to connect without an explicit password in the user mapping. This option was introduced in PostgreSQL v13.

Decrypting rfc2898 password

I'm in the middle of development and I need to test my login/password api.
Problem is in the database the password is encrypted.
I have the following information.
key
iteration
salt
Is this enough to recover the password?
By the way I can edit these values as well if that will help.
I think you misunderstood how a password API works. You cannot reverse a properly hashed password, but you can validate an entered password against the stored hash.
To validate the entered password, you need to calculate the hash again, with the same parameters you used to create the first hash. Then you can compare the two hashes, if they match, the password was the same.
You cannot reverse PBKDF2, but you could brute-force the common passwords to see if any of them matches. If a random salt is used every time, then you will need to do that for each password independently. If a large iteration count is used then prepare for it to take very long.
First, you should just reset it.
Second, you can recover it if and only if the password was weak (assuming correctly implemented PBKDF2), and you either know which HMAC it used (probably was PBKDF2-HMAC-SHA-1 - test with a known password), or you're willing to spend time trying several and hoping.
Try a tool like oclHashcat that's designed for password cracking - note PBKDF2 generic at the end of the list of examples for this, preferably with one or more good GPUs.
Alternately, if you're just testing your password API, you can run the test vectors at my GitHub repository through it and see if your results are correct or not.
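The validation step described in the answers above, as an added example that is not from the original thread: the stored key is never decrypted; the candidate password is run through PBKDF2 again with the stored salt and iteration count, and the two keys are compared. The function names, record layout and default iteration count are assumptions; the sample key is the first PBKDF2-HMAC-SHA-1 test vector from RFC 6070.

```python
import hashlib
import hmac
import os

# Constructed sample: RFC 6070 vector 1 (password "password", salt "salt", 1 iteration).
RFC6070_KEY = bytes.fromhex("0c60c80f961f0e71f3a9b524af6012062fe037a6")


def hash_password(password, iterations=100_000, digest="sha256"):
    """Create a record with a fresh random salt; all four fields must be stored."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    return {"digest": digest, "iterations": iterations, "salt": salt, "key": key}


def verify_password(candidate, record):
    """Recompute the key with the stored parameters and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        record["digest"],
        candidate.encode("utf-8"),
        record["salt"],
        record["iterations"],
        dklen=len(record["key"]),  # match the stored key length
    )
    return hmac.compare_digest(derived, record["key"])


def identify_digest(known_password, salt, iterations, key,
                    candidates=("sha1", "sha256", "sha512")):
    """For a test account whose password is known, find which HMAC the API used."""
    for name in candidates:
        derived = hashlib.pbkdf2_hmac(
            name, known_password.encode("utf-8"), salt, iterations, dklen=len(key)
        )
        if hmac.compare_digest(derived, key):
            return name
    return None  # wrong password, or a digest/encoding not in the candidate list


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
    print(identify_digest("password", b"salt", 1, RFC6070_KEY))
```
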

Apache Shiro salt hashed password

I need to salt a hashed (SHA-256) password using Apache Shiro. I used the following method, but it uses plainText password as a parameter. But I need to get an already hashed password from the frontend and salt it and store in the server side. Otherwise if I use the following method I will have to pass the plain password all the way through frontend, which is not secure. So please suggest me a way to overcome this problem.
// Sha256Hash is not a String; toHex() returns the hex-encoded digest
String hashedPassword = new Sha256Hash(plainTextPassword, salt).toHex();
You cannot salt the password after it has been hashed. Salting works by combining the salt with the plain text password, and hashing the entire thing. This is why Shiro's Sha256Hash requires you to give it the plain text password.
It is common to pass the plain text password from the front end to the service layer as long as this communication is secure (e.g. HTTPS for web UIs). The only thing you should not do is store the plain text password in a database (which a correctly configured Shiro will not do) because your database may be compromised.
When passing the plain text password from the front end to your service, it will only exist in memory for a short time before being garbage collected. To obtain the password someone would have to either break your SSL connection (in which case you are screwed anyway) or compromise your server and dump the memory (in which case you are screwed anyway).

Is there a parameter I can provide to a Postgres connection string to "name" a client?

We have a postgres database which a lot of scripts connect to. Crucially, there is not a username per-script; there are a (small) number of usernames which are shared around the place.
When doing troubleshooting or performance optimising, it would be very useful to know which server SQL process corresponds (or corresponded, past-tense) to which script.
I am thinking of something like:
host=db-server dbname=whatever clientID=script1.py
I suspect the answer is "no", but my google-fu is weak.
You can explore using the "application_name" parameter. Depending on what your code is doing you can log it.

How to hide value in database PostgreSQL

Can anybody help me regarding the database postgres?
I need to hide the value in a table that was created. I need to hide the password data, as in the example below:
username password
ana 123
I want the password appear like *
Can anyone help me? Thank you in advance.
Take a look at pgcrypto module for some more options (like Extended DES crypt and PGP encryption). I don't recommend using MD5, because (IMHO) it's easily breakable nowadays (especially without any salt). Better choice is SHA-512 (or some of SHA-3 candidates: BLAKE, Grøstl etc.).
I think that it's a good idea to check your hiding method against some (possibly GPU-accelerated) tools like hashcat. It really depends on how valuable the data you want to store is.
The usual, and best, way is to store the MD5 of the password and compare that with the MD5 of the password entered. It is fairly safe (but brute force can crack it given enough time).
One standard method of doing that sort of hiding is by creating a view, with all columns except the password column (or all columns, then '*' AS password). For the db user the application uses to connect, grant read access to the view, but remove read access for the source table. That way there is no chance of the application gaining access to the field.
Something like:
CREATE VIEW visible_users AS
SELECT username, '***' as password
FROM users;
Then make sure the privileges are managed appropriately:
REVOKE ALL ON users FROM app_user;
That said, you probably shouldn't be storing passwords in a database in plaintext -- it's a major potential security issue.