1

I'm looking for a way to store a database password on the working machine so that my own application can read it (in order to connect to the database) but a user without administration rights cannot read it. It must be possible for an administrator to change the password, preferably automatically.

What I have in mind is something like the .pgpass file for PostgreSQL in a Linux environment. Is this possible in a Windows environment as well?

I think the password file can be made accessible for administrators only. But can a program, which is executable for the user, access this file as well? Further, is it possible with the help of group policies to distribute such a file via the network?


Other solutions that I'm thinking about (probably with more effort):

  1. Encrypt the password file. Only the application and the administrators have the valid keys to decrypt and change / read the file.
  2. Retrieve the password from a network resource, presumably encrypted as well.
2
  • 1
    You can achieve this, in Windows 8.0+, by mounting a Bitlocker encrypted.VHDX file. I am not sure "what application" you refer to. You can also accomplish this by using EFS on editions of Windows that support EFS. If you use EFS, you can store the password in plain text, due to the fact all files within the user's profile are encrypted and accessible to only users with the certificate.
    – Ramhound
    Commented Jan 31, 2018 at 15:59
  • @Ramhound I'm refering to my own application that I will develop (question edited). I will look into the Bitlocker topic if this is a possible way. It would be cool get access to it with C# APIs.
    – Markus L
    Commented Jan 31, 2018 at 16:11

2 Answers 2

1

In answer to your question about administrator access only-

Windows executes services with the user's permissions (unless you specifically run as administrator or a different user), so if the user doesn't have access to a file, neither will the program.

In answer to the group policy question-

Yes, you can use group policy to distribute files through Group Policy Preferences. (See: https://www.adamfowlerit.com/2016/07/group-policy-preferences-replace-existing-file/)

1
  • Thanks on clearing that up on the user rights - that sounds logical. Also thanks for the link - that'll get me started.
    – Markus L
    Commented Jan 31, 2018 at 16:09
0

If anybody is interested: I came up with the following solution.

The password is stored encrypted in an XML file (the "password container"). The container can be opened and edited with an administrator password. The encryption is symmetric. The container is placed on a network ressource, simply within a network directory.

The application is given the location of the password container and is able to open the password container because the administrator password is deposited in the code.

I know that this solution is not 100% secure because passwords should not be stored in the code. However, for these requirements (the database password shall be hidden from the user, the database password must be administrable), the solution is good enough.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .