I work for a corporation. To get access to a database, they do not want me to see the password. They want to hide it in a hidden folder.
If they hid a file in a folder and gave me the path, so my webpage could read it, that would work. But I am getting the runaround, a lot of security jargon, and none of them know ASP Classic.
Is there a preferred way for me to have access to a file that I cannot see the password in? By access, I mean using an include statement to pull the password.
Here are some questions they ask or tell me:
- Can your application utilize properties file with AES encryption on the password? We can also store the credentials to WebUser database
- Schema owner access is made ONLY through encrypted strings generated by Security Access Management Team
- Passwords must be encrypted or obfuscated to prevent unauthorized access
As Ste5an mentioned, I did leave out some info. I use a connection string to connect to the database from a web page, and in that string I hardcode a UserID and password, so the user using the web page does not have to sign in. The userID is a process ID. I also store the passwords in another file on the server, and use include statements to retrieve the passwords. When I asked them for a password, they wanted to take over my screen to put in the password, so that I did not see the password. Once they see my file, they do not want to put it in as text, so that I could see it. The web page only returns results; no write or update is needed.
You need to clarify the roles of administration and development. A developer does not have to know the production passwords, but an administrator has to.
Thus you should simply show them how they need to set up your application.
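
An added example, not part of the original posts: one way to implement the role split described above in Classic ASP. It assumes administrators place the production connection string in a file outside the web root, readable only by the identity the site runs as, and the page loads it at run time. The path D:\secure\myapp\db.connstr and the function names are hypothetical.

```asp
<%
' Added example (not from the original thread).
' SECRET_FILE is a hypothetical path. Administrators create the file outside
' the web root, so IIS can never serve it, and grant read access only to the
' identity the site runs as. Developers keep a file with development
' credentials at the same path on their own machines.
Const SECRET_FILE = "D:\secure\myapp\db.connstr"

' Returns the first line of the file: the complete connection string.
Function LoadConnectionString(path)
    Dim fso, ts, s
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    If Not fso.FileExists(path) Then
        Err.Raise vbObjectError + 1, "LoadConnectionString", "Database configuration is not available."
    End If
    Set ts = fso.OpenTextFile(path, 1, False)   ' 1 = ForReading, never create
    s = ""
    If Not ts.AtEndOfStream Then s = Trim(ts.ReadLine)
    ts.Close
    If Len(s) = 0 Then
        Err.Raise vbObjectError + 2, "LoadConnectionString", "Database configuration is empty."
    End If
    LoadConnectionString = s
End Function

' Opens the connection; on any failure the visitor gets a generic message,
' so neither the file path nor the connection string reaches the browser.
Function OpenDatabase()
    Dim conn
    Set conn = Server.CreateObject("ADODB.Connection")
    On Error Resume Next
    conn.Open LoadConnectionString(SECRET_FILE)
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        Response.Status = "500 Internal Server Error"
        Response.Write "Database unavailable."
        Response.End
    End If
    On Error GoTo 0
    Set OpenDatabase = conn
End Function
%>
```

This keeps the password out of the source files and away from developer accounts, but any code running in the site can still read the file, so administrators should also control what gets deployed to production.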