Re: [security] password safekeep mechanism
From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Thu, 04 Jun 2009 20:01:44 +0100
Message-ID: <4A281A18.8050500_at_petefinnigan.com>
I would add that the retrieval should not allow viewing via the clipboard. Also the software should allow the generation of random passwords so that techniques such as {USER}{SID}{RANDOM} are not used, i.e. if one password is guessed then they all are.
>
> Some things I would look for:
>
> * Data should be encrypted
> * Permissions to retrieve password should be grantable on at least a user
> basis.
> Adding a group basis is nice as well.
> * Some sort of data organization that makes sense for you
> (by servers, database vendors, ... - completely configurable is best)
> * An absolute must - there should be a way to retrieve passwords from the
> command line for use in scripts.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
Date: Thu, 04 Jun 2009 20:01:44 +0100
Message-ID: <4A281A18.8050500_at_petefinnigan.com>
I would add that the retrieval should not allow viewing via the clipboard. Also the software should allow the generation of random passwords so that techniques such as {USER}{SID}{RANDOM} are not used, i.e. if one password is guessed then they all are.
cheers
Pete
Jared Still wrote:
> On Thu, Jun 4, 2009 at 3:59 AM, Amar Kumar Padhi <amar.padhi_at_gmail.com>wrote:
>
>> I want to get a general opinion on how you store or recommend password >> should be placed and shared. Thanks in advance. >>
>
> Some things I would look for:
>
> * Data should be encrypted
> * Permissions to retrieve password should be grantable on at least a user
> basis.
> Adding a group basis is nice as well.
> * Some sort of data organization that makes sense for you
> (by servers, database vendors, ... - completely configurable is best)
> * An absolute must - there should be a way to retrieve passwords from the
> command line for use in scripts.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
-- Pete Finnigan Director PeteFinnigan.com Limited Specialists in database security. If you need help to audit or secure an Oracle database, please ask for details of our courses and consulting services Phone: +44 (0)1904 791188 Fax : +44 (0)1904 791188 Mob : +44 (0)7742 114223 email: pete_at_petefinnigan.com site : http://www.petefinnigan.com Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom Company No : 4664901 VAT No. : 940 6681 14 Please note that this email communication is intended only for the addressee and may contain confidential or privileged information. The contents of this email may be circulated internally within your organisation only and may not be communicated to third parties without the prior written permission of PeteFinnigan.com Limited. This email is not intended nor should it be taken to create any legal relations, contractual or otherwise. -- http://www.freelists.org/webpage/oracle-lReceived on Thu Jun 04 2009 - 14:01:44 CDT