views:

53

answers:

2

I'm writing an internal business application that needs to access a number of different databases. Each database needs a different password. I'm loath to actually hard-code my passwords because if they change then I'll be forever having to modify them in my code. Not to mention the fact that there is no attempt at security in this situation!

I was thinking of having the passwords stored in a configuration file on the server. One way of handling the problem could be to store the passwords in plain text and rely on the server not allowing people to view the file. Again I really don't like this scenario as I have no idea as to who has/hasn't got access to the server.

What is considered 'best practice' for handling passwords in either a configuration file or within the code?

+2  A: 

If you are using Windows and are on an Active Directory domain, the best practice is to create specific domain accounts for database access, website, Windows services etc., with the correct permissions.

Make sure the servers have been set up with the correct permissions for these accounts.

Start the business application with the account that has been set up. You can use runas for this. Store the different connection strings in the config file using SSPI (Windows auth) - no need to store user names and passwords in configuration anymore.

Oded
+3  A: 

You could encrypt sections of your configuration file that contain sensitive data such as passwords.

Darin Dimitrov
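Both answers can be shown in one piece of code: the first suggests connection strings that use SSPI so that no password is stored at all, the second suggests encrypting the config section that still has to carry one. The following is an added example, not code from either answer, written for .NET Framework on Windows with a reference to System.Configuration. The config file contents, the server names and the account name are constructed sample values, and the password is a labelled placeholder.

```csharp
// Added example (not from the answers): write a sample config to a temp file,
// protect its connectionStrings section with DPAPI, and read an SSPI connection
// string back through the normal configuration API.
using System;
using System.Configuration;
using System.IO;

class ProtectedConfigDemo
{
    // Constructed sample config: an SSPI connection string (no credentials stored)
    // beside one that embeds a password and therefore needs protecting on disk.
    const string SampleConfig = @"<?xml version=""1.0"" encoding=""utf-8""?>
<configuration>
  <connectionStrings>
    <add name=""Orders""
         connectionString=""Data Source=SQL01;Initial Catalog=Orders;Integrated Security=SSPI"" />
    <add name=""Legacy""
         connectionString=""Data Source=SQL02;Initial Catalog=Legacy;User ID=app_user;Password=PLACEHOLDER_PASSWORD"" />
  </connectionStrings>
</configuration>";

    // Open an arbitrary config file rather than the running exe's own config.
    static Configuration OpenConfig(string path)
    {
        var map = new ExeConfigurationFileMap { ExeConfigFilename = path };
        return ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
    }

    // Encrypt the connectionStrings section in place with the DPAPI provider.
    // Returns true if the section was encrypted by this call, false if it already was.
    static bool ProtectConnectionStrings(string path)
    {
        var config = OpenConfig(path);
        var section = config.GetSection("connectionStrings");
        if (section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "demo.config");
        File.WriteAllText(path, SampleConfig);

        ProtectConnectionStrings(path);

        // On disk the section is now an <EncryptedData> blob instead of plain text.
        bool encryptedOnDisk = File.ReadAllText(path).Contains("<EncryptedData");
        Console.WriteLine(encryptedOnDisk ? "on disk: encrypted" : "on disk: plaintext");

        // The configuration API decrypts transparently for a process that can use the DPAPI key,
        // so application code reads the connection string exactly as before.
        var cs = (ConnectionStringsSection)OpenConfig(path).GetSection("connectionStrings");
        Console.WriteLine(cs.ConnectionStrings["Orders"].ConnectionString);
    }
}
```

The DPAPI provider defaults to the machine key, so any process on that server can decrypt the section; protecting the section therefore reduces exposure through casual file reads and backups but does not replace the file ACLs and dedicated service account from the first answer. The "Orders" entry needs no protection at all, which is the point of using Integrated Security=SSPI wherever the database supports it.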