All the solutions I ever heard of boil down to two approaches:

1) The secrets are stored in the computer, and protected by filesystem permissions. This is what you have now. Ensure that the filemode/ACL/whatever is correct to prevent unauthorized access to the files containing the secrets. There is no way to improve on that. Add as many layers of encryption as you like, but if the machine can start without assistance then ultimately there must be a secret stored as cleartext in a file somewhere, and your security depends on protecting that file.

2) The secrets are not stored in the computer; when the application starts, it must notify an operator and wait for him to supply the secrets, whether by typing in a passphrase, plugging in a smartcard, or whatever. The application cannot serve users until a human has responded. Your security depends on the trustworthiness of that human.

The choice is made based on whether you think you are likely to lose more by someone breaking into the machine's privileged accounts, or by ignoring customers until a human notices the request for secrets.

--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
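An added Python example, not part of the thread above, showing both approaches side by side: the on-disk secret is used only after its ownership and mode are verified (approach 1), and if no file is present the service blocks on an operator-supplied value instead (approach 2). The file name `api.key`, the sample secret and the `ask_operator` callback are constructed for the demonstration; the check assumes a POSIX filesystem.

```python
import os
import stat
import getpass
from pathlib import Path
from typing import Callable, Optional


def secret_file_problems(path: Path) -> list[str]:
    """Approach 1: the secret is on disk, so its only protection is the file's
    ownership and mode. Report anything that lets another account read it."""
    problems: list[str] = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted in our path
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        problems.append("symlink")
    elif not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != os.getuid():
        problems.append(f"owned by uid {st.st_uid}, expected {os.getuid()}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other bit set
        problems.append(f"mode {stat.S_IMODE(st.st_mode):04o} is group/world accessible")
    return problems


def load_secret(path: Path, ask_operator: Optional[Callable[[], str]] = None) -> str:
    """Use the file if it is properly locked down; refuse a badly protected one
    outright; if it is absent, fall back to approach 2 and wait for an operator."""
    problems = secret_file_problems(path)
    if not problems:
        return path.read_text().strip()
    if problems != ["missing"]:
        raise PermissionError(f"refusing to use {path}: {', '.join(problems)}")
    if ask_operator is None:  # default: hidden terminal prompt, blocks until answered
        ask_operator = lambda: getpass.getpass(f"Secret for {path.name}: ")
    return ask_operator()


def demo() -> dict:
    """Exercise both paths on constructed files in a temporary directory."""
    import tempfile
    out = {}
    with tempfile.TemporaryDirectory() as d:
        key = Path(d) / "api.key"
        key.write_text("hunter2\n")  # constructed sample secret
        key.chmod(0o600)
        out["locked_down"] = load_secret(key)
        key.chmod(0o644)
        out["world_readable"] = secret_file_problems(key)
        absent = Path(d) / "missing.key"
        out["absent"] = load_secret(absent, ask_operator=lambda: "typed-by-operator")
    return out
```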