Is it okay that database credentials are stored in plain text?

database django security passwords
13,792

Solution 1

You are correct that storing passwords in plaintext and in a settings.py file is not good security. You could increase security by:

  • Setting the permissions correctly (this will depend on your set up). Ideally only python should be able to read the file.

  • Storing the file out of the www or htdocs root. If at this point an attacker still has access to them, you are screwed anyways.

  • For added security, you can encrypt the connection settings using symmetric encryption (eg: AES). Store the key somewhere else. So even if someone managed to access the connection settings, they'd still need to find the key. The main drawback is that now you have to rewrite the connection method.

Solution 2

The Twelve-Factor App codified by Heroku recommends

strict separation of config from code.

This is particularly important for management of credentials, which ideally should never be committed to source control.

The django-environ library gives a nice approach to pulling most environment-specific configuration out of the settings.py file, but you could go a long way by just referencing the most sensitive bits with the standard os library, e.g. 'PASSWORD': os.environ['DBPASS']

Of course, you probably will still store some passwords in plain text somewhere, but if that file is not embedded in your codebase, it's far less likely to be leaked.

Solution 3

Yes, it's standard procedure for any database communicating program. There really isn't a "better way" to do it.

There are ways to help prevent invalid hosts from connecting (ip tables, private ip addresses), but the actual connection details are almost always plain text.

Storing the file outside of the web root will help some, but if the attacker has access to the file system it won't matter.

Share:
13,792
pancakes
Author by

pancakes

Updated on July 13, 2022

Comments

  • pancakes
    pancakes almost 2 years

    By default, the Django database host/user/password are stored in the project settings.py file in plain text.

    I can't seem to think of a better way at the moment, but this seems to be against best practices for password storage. Granted, if an attacker has access to the settings file, then all is probably already lost. Even if the the file were encrypted, the attacker would probably have the means to decrypt it by then.

    Is this okay?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

password limitations in SQL Server and MySql
Is it secure to store passwords as environment variables (rather than as plain text) in config files?
Best way to store password in database
How to securely store database password in Python?
Why encrypt user passwords?
How to configure database permissions for a Django app?
Preferred Method of Storing Passwords In Database
How to create an alias for Django Model field?
Is the c++ hash function reasonably safe for passwords?
Limit exceeded Max connections Postgres