Encryption of Oracle connection passwords in mapfiles
Daniel Morissette
dmorissette at MAPGEARS.COM
Fri Mar 17 14:04:41 EST 2006
We have a need to encrypt (or protect somehow) the Oracle connection
passwords in map files to avoid having them as plain text. I will look
into this some more and write a RFC, but before getting too far I wanted
to gather feedback, in case anyone already had their own ideas on this.
What I'm thinking of doing is creating a utility to encrypt a password,
that the developer would then copy/paste into the connection string in
the mapfile, possibly with some special delimiter to indicate that it's
encrypted. MapServer would decrypt the password internally and use the
decrypted password for the connection.
Unfortunately this requires the use of reversible encryption which is
not really that safe, especially when the decryption function is open
source, but at least makes it harder to figure the password than just
using plain text.
I would also like to setup a mechanism that will work for all other DB
CONNECTIONs so I am interested in comments from all the DB connection
maintainers.
Daniel
--
Daniel Morissette
http://www.mapgears.com/
More information about the mapserver-dev
mailing list