Ticket #1792 (closed defect: fixed)

Opened 6 years ago

Last modified 5 years ago

RFC-18: Encryption of database connection passwords in mapfiles

Reported by: dmorissette Owned by: dmorissette
Priority: high Milestone:
Component: MapServer C Library Version: 4.8
Severity: normal Keywords:
Cc: mapserver@…

Description 

This bug is to track the implementation of RFC-18 in MapServer 4.9. From the RFC:

------------------------

Overview
--------

This proposal provides a mechanism to protect database connection passwords used
inside mapfiles by encrypting them instead of including them in plain text.

Technical Solution
------------------

MapServer will be extended to allow the use of encrypted passwords as part of
the CONNECTION string for the following layer types:

    * Oracle Spatial
    * PostGIS
    * ESRI SDE
    * OGR

The Tiny Encryption Algorithm (TEA) at
http://www.simonshepherd.supanet.com/tea.htm will be used for the
encryption/decryption functions.

------------------------

See the RFC at http://mapserver.gis.umn.edu/development/rfc/ms-rfc-18 for full
details.

Attachments

tea.htm Download (8.2 KB) - added by dmorissette 6 years ago.
Copy of  http://www.simonshepherd.supanet.com/tea.htm
source.htm Download (19.3 KB) - added by dmorissette 6 years ago.
Copy of  http://www.simonshepherd.supanet.com/source.htm

Change History

Changed 6 years ago by dmorissette

  • status changed from new to assigned 
Going ahead with implementation using TEA as per RFC-18

Changed 6 years ago by dmorissette

Copy of  http://www.simonshepherd.supanet.com/tea.htm

Changed 6 years ago by dmorissette

Copy of  http://www.simonshepherd.supanet.com/source.htm

Changed 6 years ago by mapserver@…

  • cc mapserver@… added

Changed 5 years ago by dmorissette

  • status changed from assigned to closed
  • resolution set to fixed 
Done.

This was implemented and committed to 4.9 CVS earlier in June. The bulk of the
implementation is in the new file mapcrypto.c and the new command-line utility
msencrypt.c. The driver-specific files only needed very minor changes to add a
call to decrypt the connection string before using it.

The changes to mapogr.cpp and maporaclaspatial.c was committed to CVS back in
June, they have both been well tested and haven't shown any side-effects.
Support for encryption in mapsde.c and mappostgis.c was also implemented at the
time but not committed to CVS since I had no way to test. I have committed those
two files a few minutes ago.

Changed 5 years ago by dmorissette 

I just added docs for the msencrypt utility in the "Utility Programs" manual on
the Mapserver website:
http://mapserver.gis.umn.edu/docs/reference/utilityreference/msencrypt

We also need to add something in the user documentation explaining how this
works. Here are some basic usage steps, there won't be much more to add in the
final docs really, perhaps just an intro and a couple of additional examples.

--------------------------

1- Create an encryption key using the new msencrypt command-line utility:

  msencrypt -keygen /path/to/mykey.txt

2- Set MS_ENCRYPTION_KEY in your mapfile (or in an env. var.) to point to the
encryption key:

  CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"

3- Encrypt portions or full connection strings using msencrypt:

  msencrypt -key /path/to/mykey.txt <string_to_encrypt>

4- Embed the encrypted strings in a CONNECTION string in the mapfile:

  CONNECTIONTYPE ORACLESPATIAL
  CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"

--------------------------
Note: See TracTickets for help on using tickets.