On 2018-07-04 15:54, Reindl Harald wrote:
Am 04.07.2018 um 15:45 schrieb Thomas Raschbacher:
I guess you could write a patch for that, but you would need to
make sure that seed is stored somewhere the admins cannot access
it, otherwise the whole thing would be pointless (or only making it
a bit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Am 04.07.2018 um 15:45 schrieb Thomas Raschbacher:
> I guess you could write a patch for that, but you would need to
> make sure that seed is stored somewhere the admins cannot access
> it, otherwise the whole thing would be pointless (or only maki
Am 04.07.2018 um 15:34 schrieb Mauro Mozzarelli:
> Perhaps I was not clear. Admins have to have access to dbmail.conf. But
> they cannot be be handed the DB credentials in clear
it's not possible
> Preventing admin access to dbmail.conf should not be necessary and it is
> not acceptable.
what
Hmm ..
I guess you could write a patch for that, but you would need to make
sure that seed is stored somewhere the admins cannot access it,
otherwise the whole thing would be pointless (or only making it a bit
more complicated for someone who really wants to do it).
Alternatively what would pr
Hello Thomas,
Perhaps I was not clear. Admins have to have access to dbmail.conf. But
they cannot be be handed the DB credentials in clear.
Preventing admin access to dbmail.conf should not be necessary and it is
not acceptable.
JBoss is open source too, but they appear to be having resolv
Hi.
If you used a symetric encryption you'd still have the decryption
available within the dbmail binaries, and - since it is open source -
you'd be able to look at the algorithm and still somehow decrypt the
key.
Asymetric might be slightly better, but still the same applies in the
end if so
Hello Reindl,
Please see my follow-up below. I find dbmail has great potential.
On 27/06/18 22:22, Reindl Harald wrote:
Am 27.06.2018 um 20:46 schrieb Mauro Mozzarelli:
That is correct. I was looking to secure DB access by encrypting the
credentials in the configuration file.
how do you imag
Am 27.06.2018 um 20:46 schrieb Mauro Mozzarelli:
> That is correct. I was looking to secure DB access by encrypting the
> credentials in the configuration file.
how do you imagine that to start with?
dbmail needs to authenticate against the database and so it needs the
credentials - frankly -
That is correct. I was looking to secure DB access by encrypting the
credentials in the configuration file.
I know about setting permissions, but that is quite a lightweight and
ineffective measure.
Unix sockets implies a single tier hardware deployment. That as well
does not suit the multi-
Hi.
I think Mauro meant if it is possible to have the Database credentials
themselves encrypted in dbmail.conf. - To answer that: I don't think
that is possible, but if you configure permissions properly (0600 or
maybe 0660 then noone but the dbmail user and root should have access to
it) - or de
Password encryption is mostly transparent on the application side, you
just have to choose an encryption method when you create an user with
dbmail-users - the password will be encrypted on the db and DBMail will
handle it transparently.
---
Andrea Brancatelli
On 2018-06-23 14:05, Mauro Mozzarel
Hi All,
I am new to this list, thus apologies if the question was asked before.
How do I configure securely the database authentication credentials in
dbmail.conf?
Is there a way to encrypt the password?
Thank you in advance,
Mauro
___
DBmail m
12 matches
Mail list logo
