Encryption of Oracle connection passwords in mapfiles

[Frank Warmerdam]

Daniel Morissette wrote:
> We have a need to encrypt (or protect somehow) the Oracle connection 
> passwords in map files to avoid having them as plain text. I will look 
> into this some more and write a RFC, but before getting too far I wanted 
> to gather feedback, in case anyone already had their own ideas on this.
> 
> What I'm thinking of doing is creating a utility to encrypt a password, 
> that the developer would then copy/paste into the connection string in 
> the mapfile, possibly with some special delimiter to indicate that it's 
> encrypted. MapServer would decrypt the password internally and use the 
> decrypted password for the connection.
> 
> Unfortunately this requires the use of reversible encryption which is 
> not really that safe, especially when the decryption function is open 
> source, but at least makes it harder to figure the password than just 
> using plain text.
> 
> I would also like to setup a mechanism that will work for all other DB 
> CONNECTIONs so I am interested in comments from all the DB connection 
> maintainers.

Daniel,

This seems like a particularly weak sort of protection.  How do other
products handle this problem?

Best regards,
-- 
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGF, http://osgeo.org