Encryption of Oracle connection passwords in mapfiles

Daniel Morissette dmorissette at MAPGEARS.COM
Fri Mar 17 14:04:41 EST 2006

We have a need to encrypt (or protect somehow) the Oracle connection 
passwords in map files to avoid having them as plain text. I will look 
into this some more and write a RFC, but before getting too far I wanted 
to gather feedback, in case anyone already had their own ideas on this.

What I'm thinking of doing is creating a utility to encrypt a password, 
that the developer would then copy/paste into the connection string in 
the mapfile, possibly with some special delimiter to indicate that it's 
encrypted. MapServer would decrypt the password internally and use the 
decrypted password for the connection.

Unfortunately this requires the use of reversible encryption which is 
not really that safe, especially when the decryption function is open 
source, but at least makes it harder to figure the password than just 
using plain text.

I would also like to setup a mechanism that will work for all other DB 
CONNECTIONs so I am interested in comments from all the DB connection 

Daniel Morissette

More information about the mapserver-dev mailing list