Ticket #1792 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

RFC-18: Encryption of database connection passwords in mapfiles

Reported by: dmorissette Assigned to: dmorissette
Priority: high Milestone:
Component: MapServer C Library Version: 4.8
Severity: normal Keywords:
Cc: mapserver@geochem.de

Description 

This bug is to track the implementation of RFC-18 in MapServer 4.9. From the RFC:

------------------------

Overview
--------

This proposal provides a mechanism to protect database connection passwords used
inside mapfiles by encrypting them instead of including them in plain text.

Technical Solution
------------------

MapServer will be extended to allow the use of encrypted passwords as part of
the CONNECTION string for the following layer types:

    * Oracle Spatial
    * PostGIS
    * ESRI SDE
    * OGR

The Tiny Encryption Algorithm (TEA) at
http://www.simonshepherd.supanet.com/tea.htm will be used for the
encryption/decryption functions.

------------------------

See the RFC at http://mapserver.gis.umn.edu/development/rfc/ms-rfc-18 for full
details.

Attachments

tea.htm (8.2 kB) - added by dmorissette on 05/31/06 11:07:45.
Copy of http://www.simonshepherd.supanet.com/tea.htm
source.htm (19.3 kB) - added by dmorissette on 05/31/06 11:08:06.
Copy of http://www.simonshepherd.supanet.com/source.htm

Change History

05/31/06 11:06:28 changed by dmorissette

  • status changed from new to assigned.
Going ahead with implementation using TEA as per RFC-18

05/31/06 11:07:45 changed by dmorissette

  • attachment tea.htm added.

Copy of http://www.simonshepherd.supanet.com/tea.htm

05/31/06 11:08:06 changed by dmorissette

  • attachment source.htm added.

Copy of http://www.simonshepherd.supanet.com/source.htm

06/04/06 12:58:47 changed by mapserver@geochem.de

  • cc set to mapserver@geochem.de.

08/11/06 13:26:50 changed by dmorissette

  • status changed from assigned to closed.
  • resolution set to fixed.
Done.

This was implemented and committed to 4.9 CVS earlier in June. The bulk of the
implementation is in the new file mapcrypto.c and the new command-line utility
msencrypt.c. The driver-specific files only needed very minor changes to add a
call to decrypt the connection string before using it.

The changes to mapogr.cpp and maporaclaspatial.c was committed to CVS back in
June, they have both been well tested and haven't shown any side-effects.
Support for encryption in mapsde.c and mappostgis.c was also implemented at the
time but not committed to CVS since I had no way to test. I have committed those
two files a few minutes ago.

08/11/06 13:55:27 changed by dmorissette 

I just added docs for the msencrypt utility in the "Utility Programs" manual on
the Mapserver website:
http://mapserver.gis.umn.edu/docs/reference/utilityreference/msencrypt

We also need to add something in the user documentation explaining how this
works. Here are some basic usage steps, there won't be much more to add in the
final docs really, perhaps just an intro and a couple of additional examples.

--------------------------

1- Create an encryption key using the new msencrypt command-line utility:

  msencrypt -keygen /path/to/mykey.txt

2- Set MS_ENCRYPTION_KEY in your mapfile (or in an env. var.) to point to the
encryption key:

  CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"

3- Encrypt portions or full connection strings using msencrypt:

  msencrypt -key /path/to/mykey.txt <string_to_encrypt>

4- Embed the encrypted strings in a CONNECTION string in the mapfile:

  CONNECTIONTYPE ORACLESPATIAL
  CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"

--------------------------