Posted to users@tomcat.apache.org by Peter Crowther <pe...@melandra.com> on 2010/03/08 11:24:22 UTC

Re: Best practise very secure system without any password in cleartext

On 8 March 2010 09:55, Alexander Diedler <ad...@tecracer.de> wrote:

> We have to create an application with an offline client based on Tomcat and
> SQL Server on laptops. That means that the laptops have a locally installed
> web server with Tomcat and a locally installed SQL Server (Full or Express
> Edition 2005). Now, in case of stolen laptops it is very insecure to write
> the sa user with an unencrypted password in some properties files. My idea was
> to manage the whole communication directly with the SQL database instead of
> tomcat-users.xml. Is it possible to make a fully working system without any
> locally stored password in the properties file? Is it possible to use Windows
> internal Kerberos (etc.) authentication with domain users etc. and start the
> SQL Server and Tomcat Server with service accounts?
>

You can certainly start both using service accounts and use Windows
authentication - both the jTDS and Microsoft JDBC drivers support Windows
authentication into SQL Server.

However, I'm not sure what this buys you, as a cracker who knew what they
were doing could simply add their own code to a webapp to extract whatever
details they wished from the database, with the same credentials as the
webapp.  Of course, that webapp should not connect to SQL Server using sa,
or in fact anything in the sysadmin or dbo roles.  At this point, assuming
you keep a different password for each machine, I cannot see why Windows
authentication is significantly more secure than storing the account's
password in cleartext.

Also, if you are taking the laptops offline, I would be *very* cautious
about using domain accounts as service accounts.  Windows will cache domain
credentials for some time, but not for ever.  You do not want the
application to fail due to losing the cached credentials.

- Peter
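An added illustration, not part of the thread, of the two set-ups Peter contrasts, written as Tomcat JNDI DataSource definitions in a webapp's META-INF/context.xml. It assumes the Microsoft JDBC driver with its sqljdbc_auth.dll native library on the Tomcat JVM's java.library.path; the database name AppDb, the service account DOMAIN\svc-tomcat and the password value are placeholders.

```xml
<!-- META-INF/context.xml (constructed example, not from the thread) -->
<Context>

  <!-- Weak: what the question describes. The sa password sits in
       cleartext on the laptop's disk and the pool logs in as sysadmin,
       so anyone who can read this file owns the whole SQL Server instance. -->
  <Resource name="jdbc/AppDbInsecure"
            auth="Container"
            type="javax.sql.DataSource"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://localhost:1433;databaseName=AppDb"
            username="sa"
            password="PLACEHOLDER_SA_PASSWORD"
            maxActive="10"/>

  <!-- Better: Tomcat runs as the Windows service account DOMAIN\svc-tomcat
       (placeholder) and the pool authenticates with that account's Windows
       credentials (integratedSecurity=true), so no username or password is
       stored in this file. That login is mapped in SQL Server to a database
       user holding only db_datareader/db_datawriter on AppDb, never sysadmin
       or dbo, which limits what a modified webapp could read with it. -->
  <Resource name="jdbc/AppDb"
            auth="Container"
            type="javax.sql.DataSource"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://localhost:1433;databaseName=AppDb;integratedSecurity=true"
            maxActive="10"
            validationQuery="SELECT 1"/>

</Context>
```

With jTDS the equivalent is a jdbc:jtds:sqlserver:// URL with the username and password attributes omitted and ntlmauth.dll available to the JVM, which makes the driver use Windows single sign-on. Either way the cached-credential caveat in Peter's last paragraph still applies when the laptop is off the domain for long.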