RE: secure storage of sensitive data in J2EE

[Alexander Klimov <alserkli () inbox ru>]

On Mon, 31 Jan 2005, Erez Metula wrote:
> I think that the issue here is sensitive information stored on the
> server side like connection strings, encryption keys and such. You
> can't ask the user to enter a password for this kind of information.
> Storing this information in a file in cleartext, won't protect this
> information from someone who has access to the server, for example a
> legitimate (malicious) admin user or a hacker who had managed to
> break into the system.

It is not worth worring about malicious admins: he can add a keylogger
to get the password, he can change the app to send him secret keys,
etc. You have to trust[*] your admin at least on systems where admin
can do everything (Note that in many cases even if it seems that admin
can't do everything (as, e.g., on windows) in fact he can)

[*] "In the US Department of Defense, a `trusted system or component'
is defined as `one which can break the security policy'"

-- 
Regards,
ASK