Return-Path: 
 <dev-return-63710-apmail-cloudstack-dev-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-dev-archive@www.apache.org
Delivered-To: apmail-cloudstack-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id AB24E11DE1
	for <apmail-cloudstack-dev-archive@www.apache.org>;
 Tue,  2 Sep 2014 19:33:46 +0000 (UTC)
Received: (qmail 26559 invoked by uid 500); 2 Sep 2014 19:33:46 -0000
Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org
Received: (qmail 26511 invoked by uid 500); 2 Sep 2014 19:33:46 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 26500 invoked by uid 99); 2 Sep 2014 19:33:45 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Sep 2014 19:33:45 +0000
X-ASF-Spam-Status: No, hits=0.7 required=5.0
	tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [109.72.87.139] (HELO smtp02.mail.pcextreme.nl) (109.72.87.139)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Sep 2014 19:33:40 +0000
Received: from [IPv6:2a02:f6e:8007:0:f0d4:f37e:f5f2:7e1a] (unknown
 [IPv6:2a02:f6e:8007:0:f0d4:f37e:f5f2:7e1a])
	by smtp02.mail.pcextreme.nl (Postfix) with ESMTPA id 49B4541368
	for <dev@cloudstack.apache.org>; Tue,  2 Sep 2014 21:33:18 +0200 (CEST)
Message-ID: <54061B7E.9090300@widodh.nl>
Date: Tue, 02 Sep 2014 21:33:18 +0200
From: Wido den Hollander <wido@widodh.nl>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: dev@cloudstack.apache.org
Subject: Re: Storing passwords in the DB
References: 
 <CACOnxCjP864cZPm5gpF8wm1rVkiYNkLiLEJcLYTE+KhsjjrJ1g@mail.gmail.com>
	<540619BD.9060506@widodh.nl>
 <CACOnxCg-wq5KJDebTcZPqDjS66LHEhu=Fn9mXTsFahWcoZTL_Q@mail.gmail.com>
In-Reply-To: 
 <CACOnxCg-wq5KJDebTcZPqDjS66LHEhu=Fn9mXTsFahWcoZTL_Q@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org



On 02-09-14 21:29, Mike Tutkowski wrote:
> Thanks, Wido
>
> Do you happen to know a relevant class off the top of your head?
>

No sorry, but if you search for where it fetches the VNC password for 
KVM VMs you should find it.

It's probably the DB layer which does the encryption and decryption.

Wido

>
> On Tue, Sep 2, 2014 at 1:25 PM, Wido den Hollander <wido@widodh.nl> wrote:
>
>>
>>
>> On 02-09-14 21:22, Mike Tutkowski wrote:
>>
>>> Hi,
>>>
>>> I was wondering what our current "best practices" are around storing
>>> passwords in the DB?
>>>
>>> For example, if you want to store the username and password of a resource
>>> that CloudStack manages, how do we recommend storing the password?
>>>
>>>
>> Using the build-in encryption mechanism? CloudStack also saves the VNC
>> passwords for KVM that way for example.
>>
>> Wido
>>
>>   Thanks!
>>>
>>>
>
>