yellowsky
Posts: 7
Joined: Sat Dec 03, 2016 5:33 pm

How to store correctly password of custom software

Mon Nov 13, 2017 6:14 pm

Hi everyone,
I use several scriptson my Pi as send a mail from the Rpi, connect to an FTP to back up smt...

As a general rule, the passwords that allow me to access these services are stored in a configuration file.
Either in /etc/ service_name or in a configuration file of the program I created.

The problem is that if you take the SD card (or the storage device) out of the Rpi and read it on another computer (in this case I did the test under Windows), I can have access to all these passwords since I have access to the different files on the card

Do you have a safer way to store these passwords?

Thank you

broe23
Posts: 792
Joined: Thu Jan 28, 2016 9:35 pm
Location: Central IL
Contact: Website

Re: How to store correctly password of custom software

Tue Nov 14, 2017 7:39 am

Not if in ext4 format. If you are running Windows 10, you now have the ability of running certain Linux tools in it. Because most files that contain sensitive data like passwords, Kerberos can mangle the password, so can the program.
Ren: Now listen, Cadet. I've got a job for you. See this button? Ren: Don't touch it! It's the History Eraser button, you fool! Stimpy: So what'll happen? Ren: That's just it. We don't know. Maybe something bad, maybe something good.

yellowsky
Posts: 7
Joined: Sat Dec 03, 2016 5:33 pm

Re: How to store correctly password of custom software

Wed Nov 15, 2017 5:19 am

Is there any other file format to prevent this?
Because Kerberos involves an external server so i don't think i can perform this...

ghans
Posts: 7384
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: How to store correctly password of custom software

Wed Nov 15, 2017 11:34 am

Both the Linux kernel and GNOME have a keyring facility ... but this just shifts the responsibility around.

Take some time to think about following questions :

1) How does a password manager work ?
2) How does a password manager protect you against a rootkit or keyloggers ?

ghans
• Don't like the board ? Missing features ? Change to the prosilver theme ! You can find it in your settings.
• Don't like to search the forum BEFORE posting 'cos it's useless ? Try googling : yoursearchtermshere site:raspberrypi.org

Return to “Beginners”

Who is online

Users browsing this forum: Bing [Bot] and 42 guests