Collaborate Disseminate
Some services like ejabberd, nginx for authenticating using a database, and dovecot requires providing the database password as plain text in the configuration file. Is it safe to store MariaDB password as plain text provided that processe… Continue reading Is it safe to store database credentials as plain text in the configuration file?
I have an SSH key for work that I do NOT want to be offered by the forwarding agent anywhere but the work hosts.
So I thought following ~/.ssh/config could do the trick:
Host *
ForwardAgent yes
IdentitiesOnly yes
IdentityFile ~… Continue reading Making sure that SSH key is NOT used anywhere but specific hosts
This is for an app service + database I am pushing up to Azure. I am using Key Vault + Managed Identity for the secrets. I have several connection strings in the secrets to ApplicationInsights, etc.
These connection strings have a key, pas… Continue reading What’s the tradeoff of storing a connection string vs the password as a secret?
I am trying integrate our service with SSO. I have generated the ClientID and ClientSecret.
Is it a good security practice to store the ClientID and ClientSecret as a configmap? If not, what are the alternatives for storing and using them?… Continue reading How to store ClientID and ClientSecret in a K8 Env
I am using Comodo Internet Security, and want to get access to the internet on my Windows Sandbox. If I disable the Firewall in Comodo sandbox gets internet but it exposes my PC.
I have added WindowsSandbox.exe and WindowsSandboxClient.exe… Continue reading Configure Comodo Internet Security to Allow Windows Sandbox to get internet [migrated]
I am using TPM simulator in my local VM to test FAPI API and am able to seal the important data inside directory ~/.local/share/tpm2-tss/user/keystore as per the path mentioned in config file /etc/fapi-config.json
"profile_dir":… Continue reading TPM FAPI sealing data inside /dev
I have a working cron job to backup the databases on a daily basis. I want to secure the authentication details in a mysql config file for mysqldump using –defaults-extra-file.
I know I can do the following
[mysqldump]
host = hostname
use… Continue reading Is it possible to put database in the cnf file To secure mysqldump [migrated]
I’m using an Apache Proxy with LDAP modules for authentication management. But I don’t want to hardcode the password of the LDAP service user to query the domain.
I have already used other applications that work with secure storage or wall… Continue reading How to avoid hardcoded passwords on Apache httpd config file [migrated]
In OpenVPN GUI, I am getting the red message
WARNING: this configuration may cache passwords in memory — use the auth-nocache option to prevent this.
I do not want to always re-type my password again and again. Is there a way to suppres… Continue reading OpenVPN: how to suppress "WARNING: this configuration may cache passwords in memory — use the auth-nocache option to prevent this"
My infosec officer is campaigning the use of client process-based authentication everywhere applicable for future and existing projects. For existing projects, especially for custom applications, this entails non-zero cost, not to mention … Continue reading Is process-based authentication more secure than username and password?