
Secure or hide database.cfg


fragnichtnach
AlliedModders Donor
Join Date: Oct 2008
Old 01-28-2018 , 00:49   Secure or hide database.cfg
Reply With Quote #1

I am searching for an option to hide our database credentials. Currently everybody (e.g. a third-party company where you rent your server or a secondary tech admin for the server) could read the database access by simply reading the database.cfg.

How would it be possible to at least hide this in a smx?

So in other words, I am searching for a plugin that will write my database credentials without using a plaintext document.
headline
SourceMod Moderator
Join Date: Mar 2015
Old 01-28-2018 , 03:07   Re: Secure or hide database.cfg
Reply With Quote #2

Plugin binaries can still be decompiled to see your credentials in plain text. If you can't trust your host, you shouldn't be using them. The same goes for members of your team.

Last edited by headline; 01-28-2018 at 04:01.
fragnichtnach
AlliedModders Donor
Join Date: Oct 2008
Old 01-28-2018 , 03:31   Re: Secure or hide database.cfg
Reply With Quote #3

That is not helpful. I know there are decompilers. But still I need this.

Any reference on how to set database credentials in a plugin?
sneaK
SourceMod Moderator
Join Date: Feb 2015
Location: USA
Old 01-28-2018 , 04:07   Re: Secure or hide database.cfg
Reply With Quote #4

At best, the only real other thing you can do (and should already be doing) is restricting connections to & from your databases to the IPs of your game server(s). Even still, this can be hijacked if someone was really trying to screw you.

I agree with Headline here - plugins can be decompiled, and there needs to be trust. If someone was really trying to get your db credentials, they would get them from decompiling your plugins. It's not like that would be a huge deterrent, it's merely a tiny bump in the road.

Edit: Also moved to the proper section, since this is a plugin request.

Last edited by sneaK; 01-28-2018 at 04:09.
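
The connection restriction described in the post above, as an added example that is not from the thread or from SourceMod. It assumes a MySQL backend and gives each game server its own account bound to that server's address, so a password read from one database.cfg is rejected from any other address and can be rotated without touching the other servers. The account names, the `sourcemod` schema, the documentation-range IPs and the passwords are constructed placeholders.

```sql
-- Added example; assumes MySQL 5.7 or later.
-- All account names, the schema name, IPs and passwords are placeholders.

-- 1. Audit: list accounts that accept connections from any host.
SELECT user, host
FROM mysql.user
WHERE host IN ('%', '');

-- 2. One account per game server, bound to that server's address.
CREATE USER 'sm_server1'@'203.0.113.10' IDENTIFIED BY 'REPLACE_WITH_RANDOM_PASSWORD_1';
CREATE USER 'sm_server2'@'203.0.113.11' IDENTIFIED BY 'REPLACE_WITH_RANDOM_PASSWORD_2';

-- 3. Least privilege: row-level access to the plugin schema only.
--    No DROP/ALTER, no GRANT OPTION, nothing outside this schema.
--    Plugins that create their tables on first start also need CREATE.
GRANT SELECT, INSERT, UPDATE, DELETE ON sourcemod.* TO 'sm_server1'@'203.0.113.10';
GRANT SELECT, INSERT, UPDATE, DELETE ON sourcemod.* TO 'sm_server2'@'203.0.113.11';

-- 4. Rotation after a suspected leak touches one account only;
--    the other servers keep their database.cfg unchanged.
ALTER USER 'sm_server1'@'203.0.113.10' IDENTIFIED BY 'REPLACE_WITH_NEW_RANDOM_PASSWORD';

-- 5. Retire the old shared wildcard account once every server uses its own.
DROP USER 'sm_shared'@'%';

-- 6. Verify what the account can actually do.
SHOW GRANTS FOR 'sm_server1'@'203.0.113.10';
```
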
fragnichtnach
AlliedModders Donor
Join Date: Oct 2008
Old 01-28-2018 , 04:38   Re: Secure or hide database.cfg
Reply With Quote #5

Restricting the connections is a good way to get some security.

There is trust. But things might change. I don't really expect to be hacked at the moment. But I would feel better to have a way to encrypt my database credentials. Hiding it in any smx out of 50 would make it not that easy to find them.

I think the correct section would be code snippets, wouldn't it?
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 01-28-2018 , 05:23   Re: Secure or hide database.cfg
Reply With Quote #6

Unless you were willing to enter a password at every startup, any at-rest encryption is trivially defeatable because the server has to be able to decrypt without inaccessible information.

We won't generally make changes that only make you "feel" secure, because that is a false sense of security - as things stand the exact situation is comprehendible by anyone and you know who you need to trust.
headline
SourceMod Moderator
Join Date: Mar 2015
Old 01-28-2018 , 05:47   Re: Secure or hide database.cfg
Reply With Quote #7

asherkin's explanation hits this issue on the mark.

Quote:
Originally Posted by fragnichtnach View Post
Hiding it in any smx out of 50 would make it not that easy to find them.
In regards to this, I'd like to post this 5-minute Python script I made a year or so ago to contest this argument:
PHP Code:
import os
import os.path

# Rebuild the directory that contains this script from its path components
def get_clean_path(array):
    somestr = ""
    for x in range(0, len(array) - 1):
        somestr += array[x] + "\\"
    return somestr

path = get_clean_path(os.path.realpath(__file__).split("\\"))

# Walk every folder below the script and decompile each .smx into output.txt
for dirpath, dirnames, filenames in os.walk(path):
    for filename in filenames:
        current = os.path.join(dirpath, filename)
        if filename.endswith(".smx"):
            print("DECOMPILING: " + current)
            os.system("java -jar lysis-java.jar \"" + current + "\" >> output.txt")
then, you're 1 ctrl+f away...

Regardless, it's all about who you allow access to your filesys.

Last edited by headline; 01-29-2018 at 02:22.
fragnichtnach
AlliedModders Donor
Join Date: Oct 2008
Old 01-30-2018 , 23:21   Re: Secure or hide database.cfg
Reply With Quote #8

Okay, thanks for explaining that there is absolutely no security. I understand this.

I have another reason why overwriting the database credentials via smx is helpful. If I want to change my database credentials on different servers any time in the future at multiple servers.
It is way easier to upload a new smx instead of opening all database.cfg and edit them individually.

Is this a better reason? Thanks for any answer.

edit: I could try to read the code out of sourcemod. Anybody know what plugin is reading the database.cfg? Not sure if that will tell me the answer... but maybe.

Last edited by fragnichtnach; 01-30-2018 at 23:24.
Dr!fter
The Salt Boss
Join Date: Mar 2007
Old 01-30-2018 , 23:58   Re: Secure or hide database.cfg
Reply With Quote #9

That reason is worse... if you can upload a smx you can upload a cfg... without having to compile the plugin.

Last edited by Dr!fter; 01-30-2018 at 23:59.
fragnichtnach
AlliedModders Donor
Join Date: Oct 2008
Old 01-31-2018 , 04:17   Re: Secure or hide database.cfg
Reply With Quote #10

Quote:
Originally Posted by Dr!fter View Post
That reason is worse... if you can upload a smx you can upload a cfg... without having to compile the plugin.
Obviously you are wrong, different server different database.cfg!

If you just want to change one global database it is way easier to upload one smx to all servers instead of editing all the different database.cfg s (and upload them).