Best practice for securing sensitive data in plain text file?

Currently I am working on a C Linux daemon that takes user input for an SQL connection string, then stores the information in a local conf file (client side). The purpose of the daemon is to submit data to an SQL database at a set interval; every time the daemon is loaded it will look to the local conf for the SQL connection string. Also, by using the command line argument -c, the user can reconfigure the SQL connection string in the event that the information changes. Would anyone be willing to share a way of securing this conf file so that it is not plain text? Keep in mind that I still need to be able to access and read in from the conf file, as there are other conf settings present. Thanks in advance guys.

Edit: I do eventually plan to use SSL to submit the data between the client side and the SQL server.

Answers


The (only?) way to secure the file is to change its permissions to make it readable only to the user that runs the daemon.

E.g. if you are running the daemon as user 'foo' and group 'foo', you should:

chown foo.foo my-conf-file
chmod 600 my-conf-file

(Or even chmod it to 400 to prevent accidental modification, but I guess in this case you'll lose the -c option functionality).

NOTE: Also remember that it is quite dangerous to pass connection strings on the command line since they will be visible from the process listing!

You could also use some GPG stuff to encrypt the file, but I don't see the point there since then you have to protect the key you use to decrypt the file, and you get the exact same problem as before.
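The permission advice in the answer above, applied from inside the daemon itself, as an added example that is not part of the original answer: the -c path creates the file with mode 0600, and the load path refuses a conf file that is not owned by the daemon's user or that carries any group/other permission bits. The function names and the sample path are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write the conf file so only its owner can read or write it (the -c path). */
int conf_write_private(const char *path, const char *data)
{
    /* Mode 0600 at creation, so the file is never briefly world-readable. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    /* A pre-existing file keeps its old mode, so force 0600 before writing. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) { close(fd); return -1; }
    for (size_t len = strlen(data); len > 0; ) {
        ssize_t n = write(fd, data, len);
        if (n < 0) { close(fd); return -1; }
        data += n; len -= (size_t)n;
    }
    return close(fd);
}

/* Open the conf file for reading; refuse it (-1) unless it is a regular file
   owned by the daemon's user with no group/other permission bits. */
int conf_open_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    /* fstat the descriptor we will read from, not the path, to avoid a race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()
        || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    const char *path = "/tmp/example-daemon.conf";  /* constructed sample path */
    if (conf_write_private(path, "dsn=constructed-example\n") != 0) return 1;
    int fd = conf_open_checked(path);
    puts(fd >= 0 ? "conf accepted" : "conf rejected");
    return fd >= 0 ? close(fd) : 1;
}
```

Reading the settings from the descriptor that `conf_open_checked` returns keeps the ownership and mode check tied to the file that is actually parsed.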

