[mdlug] Password management application

Aaron Kulkis akulkis00 at gmail.com
Thu Feb 19 00:04:10 EST 2015


Michael ORourke wrote:
> -----Original Message-----
>> From: Aaron Kulkis <akulkis00 at gmail.com>
>> Sent: Feb 17, 2015 4:12 PM
>> To: MDLUG's Main discussion list <mdlug at mdlug.org>
>> Subject: Re: [mdlug] Password management application
>>
>> Mathew May wrote:
>>> Hey gang, I have a question for you. I have been tasked with looking into a password manager application that can be installed in a central location, that allows multiple user accounts to be configured, and then these users can display account/password information that is approved for their level of access.
>>>
>>> Example: We want to store database user names and passwords in a central location, and we want people to be able to log in and see this information, but only what they have the appropriate access for. We want the developers to only see credentials for the dev environment, not able to see production values.
>>>
>>
>> The very idea, in and of itself, is a MAJOR security violation.
>>
>> Whoever is demanding such things is incompetent.
>>
>> Good luck with the politics of this.
>>
>
> Okay, I am curious, why is this a MAJOR security violation?
> It doesn't sound like he wants to store all the passwords in a text file on a public share.

Because it makes it possible for SOMEONE ELSE to steal all the passwords.

And those aren't just any old passwords, they are passwords like
root to various machines, database admin accounts, etc.

I.e., the most valuable accounts within the company.

If someone cracks the "password manager" software, they have the keys to the kingdom.

And THAT is why it's a major security violation.

