
I just started storing all of my DB credentials in my WAR's context.xml file, and loading them through JNDI. This way, my app can reuse the same credentials in multiple areas, and I can use JNDI to retrieve them (instead of sprinkling the credentials all over my codebase).

But now I'm thinking: what if an attacker gets onto the machine where my Tomcat server is installed? They could go straight to my webapps/MyApp exploded directory, find & open up the context.xml directory, and voila - they can now access my database!

So what is the next step for introducing security here? Is there a way to keep all of my credentials in some keystore, and reference their labels from inside context.xml? I still would like to use context.xml so that my JDBC code can access the credentials through JNDI. If so, how does context.xml access them in a secure way? What is the normal way of dealing with security here? Thanks in advance!

  • You've got a bit of a chicken and egg problem here. If your webapp can access the DB, then any attacker who gets onto the box with the same or greater level of permission will also be able to access the DB. Even if you add a keystore, if your webapp can open the keystore, so can the attacker. – Aurand Aug 06 '13 at 20:16
  • I think the bigger problem here is logging into the "machine", isn't it? If a person can break in the door, the only way you can be safe is to put it in some "safe" (encrypt instead of plain data). – kosa Aug 06 '13 at 20:17
  • Good point @Aurand (+1) - so what's the typical solution (I can't be the only Java developer who's struggled with this)? –  Aug 06 '13 at 20:17
  • ...or put it this way: what if I don't want other developers to know the credentials for, say, a LIVE database? I'm not just necessarily talking about mitigating an external attack, I may just want my credentials protected from wandering eyes... –  Aug 06 '13 at 20:23
  • Related question: http://security.stackexchange.com/q/37015/8857 (same concept, different language). If you don't want the other developers to have access to the credentials, don't give them the same privileges as the app. Perhaps the app can run with certain permissions and the credentials can be read only by those. – B-Con Aug 06 '13 at 20:37
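The comments above boil down to two checks a practitioner would actually run against the deployed file: is a literal password sitting in the JNDI `<Resource>` element, and can accounts other than the Tomcat service account read it. The script below is an added example (not code from the question, the answer, or the Tomcat project) that performs both checks. It assumes a POSIX shell with `ls`, `cut`, `grep` and `mktemp`, and it relies on Tomcat's configuration parser replacing `${name}` in attribute values with the Java system property `name` at startup, which lets the literal live outside the webapp tree (for example in `bin/setenv.sh` via `CATALINA_OPTS`, owned by the service account with mode 0600). The two context.xml files it builds are constructed samples with made-up values.

```shell
#!/bin/sh
# Added example (not from the original question or answers): audit a Tomcat
# context.xml for the two things discussed above, a literal DB password inside
# the JNDI <Resource> element and a file that any local user can read.
# Assumes a POSIX sh with `ls`, `cut`, `grep` and `mktemp`; the file contents
# below are constructed samples, not real credentials.

# Print every line carrying a literal password attribute. A value of the form
# "${name}" is left alone: Tomcat's config parser replaces it with the Java
# system property `name` at startup, so the literal can live in a file
# outside the webapp tree (e.g. set via CATALINA_OPTS in bin/setenv.sh).
# Returns 0 if no literal password was found, 1 otherwise.
find_plaintext_passwords() {
    file="$1"
    hits=$(grep -n 'password="[^"]*"' "$file" | grep -v -F 'password="${' || true)
    if [ -n "$hits" ]; then
        printf 'literal password in %s:\n%s\n' "$file" "$hits"
        return 1
    fi
    return 0
}

# Returns 0 if the file is not world-readable, 1 otherwise. Only the Tomcat
# service account (and possibly its group) needs to read it; the "other" read
# bit is what lets a stray local account or another developer copy it.
check_not_world_readable() {
    file="$1"
    mode=$(ls -ld "$file" | cut -c1-10)          # e.g. -rw-r--r--
    other_r=$(printf '%s' "$mode" | cut -c8)     # 8th char = other read bit
    if [ "$other_r" = "r" ]; then
        printf '%s is world-readable (mode %s)\n' "$file" "$mode"
        return 1
    fi
    return 0
}

# Run both checks; returns 0 only if both pass.
audit_context_xml() {
    file="$1"
    status=0
    find_plaintext_passwords "$file" || status=1
    check_not_world_readable "$file" || status=1
    return "$status"
}

# Build two constructed samples in a temp dir and print its path:
# insecure-context.xml (literal password, mode 644) and
# hardened-context.xml (system-property placeholder, mode 640).
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/insecure-context.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Resource name="jdbc/MyDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/mydb"
            username="appuser" password="sample-not-a-real-secret"/>
</Context>
EOF
    chmod 644 "$dir/insecure-context.xml"
    cat > "$dir/hardened-context.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Resource name="jdbc/MyDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/mydb"
            username="appuser" password="${db.password}"/>
</Context>
EOF
    chmod 640 "$dir/hardened-context.xml"
    printf '%s\n' "$dir"
}

# Usage: sh audit_context.sh /path/to/webapps/MyApp/META-INF/context.xml
if [ -n "${1:-}" ]; then
    audit_context_xml "$1"
fi
```

Note what this does and does not buy you: moving the literal out of the exploded webapp and tightening the mode narrows who can read it (other developers, other local accounts), which addresses the "wandering eyes" case. It does nothing against an attacker already running as the Tomcat service account, who can read whatever the app can read, exactly as Aurand's comment says.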

1 Answer


I would recommend building an encryption system that encrypts the data before it gets sent to the XML file; then, instead of searching for the username or whatever, you encrypt the name before you search. This way, even if a person managed to get into the file, they won't be able to read it without having the algorithm used for encryption and knowing exactly what they wanted to find. Well, theoretically they could brute force it, but they still need to know the algorithm to do that. An easy way to handle encryption would be to learn how to use the Bouncy Castle libs at http://www.bouncycastle.org/ . They have a very easy to use/learn system.

– Ephyxia
  • Thanks @Ephyxia (+1) - I thought of the same thing, however there's a critical flaw with this - in order for my application to read the encrypted username/password/etc. out of JNDI and decrypt it, it would need to have the key(s) to perform such a decryption. If those keys ship with the WAR file, then you might as well not even use an encryption system like this...ideas? Thanks again! –  Aug 06 '13 at 20:46
  • Hmm, you could encrypt the entire file using a more easily reversible encryption method like base 64, or be sneaky and do something like learn to use the 7zip libs to zip the file and just change the extension to something random. That should make it hard to figure out for anyone who doesn't know how it's encrypted, but might not be too fast if you have a big file. – Ephyxia Aug 06 '13 at 21:04