Encrypt MySQL Password in Batch File / Secure Batch File - encryption

I have a Windows batch file which runs periodically to update data on my MySQL database. I now want to make the batch file secure so that no-one can see the password used to connect to the database. I have thought of two potential solutions:
Encrypt the password in the batch file
Encrypt the entire file.
Id prefer to go with option 1. Is there a quick method to encrypt a password which can be used in a batch file?

Only encrypting the password just moves the problem to how you secure the decryption key.
If you're on NTFS you should secure the whole file instead. On the file properties encryption is accessed by the Advanced... button under Attributes, and access controls are on the Security tab.

Related

Encrypting and decrypting a folder

I am developing an application that'll decrypt encrypted files when a user successfully logs in. From what I understand, OpenSSL does not have a built-in function for this. So what I plan to do is zip up a folder and encrypt the zip file when I want to encrypt the directory and the reverse when I want to decrypt it. I will use the aes-256-cbc algorithm. The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder. Does anyone have any suggestions? Login credentials are verified on the server and encrypted zip files are located on the computer running the client application.
The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder.
The practice is not to use the user credentials to encrypt the data. If the user forgets his credentials, the user is done for.
Login credentials are verified on the server and encrypted zip files are located on the computer
That's actually giving you an option. If you don't want to store the encryption key on the client side, the server could send the key back as a part of the response and the client application could use it to decrypt or encrypt the data.

Store encrypted file on disk from service

I am a windows service that downloads and saves oAuth tokens and I need to store them encrypted on the local hard drive until they expire and reuse them later. The problem being a service is that I cannot ask the user for a password. Is there a safe or suggested method to secure files when storing them and prevent other processes decrypting it? My language of choice is python and it would be relatively easy for someone to find out the encryption algorithm.

How to store user uploaded files with only client side encryption?

I want to build an app where users upload files. But the owners of the server should never be able to have access to any data from the files, only encrypted content.
If I had to implement it myself using Java, I would do something like:
symmetric encryption for the files using a random key per file (or per user because I don't need per file access control). The random key is then asymmetrically encrypted (one time for each user needing access to the file) and stored along the file on the server
Users have a password encrypting their randomly generated on account creation private key stored on the server along with the public key.
The user password hash (not the password itself) is also used as an authentication password to avoid having multiple passwords but also to avoid sending the user password to the server (the server then normally computes and compares the salted hash of this hash of the password)
How can I implement a custom app like this (using libraries?, running additional servers with http APIs?, something else?) ?
I found https://www.minio.io/features.html, an http server with s3 compatible rest APIs which has "Both server side and client side encryption are supported" but couldn't find enough documentation on the client side encryption.

How to encrypt the DB password in Artifactory?

We have Artifactory OSS that currently use the default DB and we want to move to MS-SQL. According to the regular links - we need to write the MSSQL password in clear text in the db.properties file.
Can the password be encrypted somehow, so the Artifactory will know how to decrypt and use it
You should be able to activate encryption using the REST API. See the documented API.
This should create an encryption key and apply it on the db.properties where the username and password are stored.
I hope this helps.
What I found was that after switching to MS-SQL and starting Artifactory- Artifactory has encrypted the password.
In the admin->Security->Security Configuration there is a section for Password encryption that you can choose to encrypt all password in configuration files

Encrypting password for GET DATA

I am using GET DATA command for importing data from SQL server. I would like to use ENCRYPTED sub command. I can encrypt the password using Database Wizard.
I am writing the commands directly in a syntax editor, so I would like to avoid using Database Wizard. Is there any other tool for encrypting the password? I do not want to run the wizard just for the encryption of the password.
A stand alone tool for encrypting password would be nice.

Resources