Making sure these files are only readable by the webapp
user is a good first step. You can also configure Fedora
to authenticate users via LDAP. For Fedora's authentication
to the database, I don't know of anyone who has developed
an alternative to storing the password in fedora.fcfg, but
I'd be interested in hearing about ideas and/or code that
would help improve security on this front.

On Wed, Jun 25, 2008 at 11:02 AM, David N Handy <David.Handy@...> wrote:
> Hello, everyone. We've come across a slight problem. We're just about ready
> to deploy Fedora into the DMZ, but our company has strict rules against
> storing passwords in plain text. Fedora defaults to doing this with the
> database password in fedora.fcfg and with the user passwords in
> fedora-users.xml. We're confident that with enough time and money we could
> alter it in such a way as to overcome this problem, but we would love to use
> a pre-made solution if one is available. Has anyone dealt with this issue?
> Thanks for your time.
> David Handy
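
The file-permission step suggested in the reply above, as an added example that is not part of the original thread or of Fedora's own tooling: a POSIX shell audit that checks fedora.fcfg and fedora-users.xml are regular files owned by the webapp user with no group/other access, and that their directory cannot be written by anyone else. The function names are hypothetical, and the config directory and account name are assumptions you pass in as arguments.

```shell
#!/bin/sh
# Added example: audit the two Fedora files that hold plain-text passwords.
# Assumptions: you pass the config directory (commonly $FEDORA_HOME/server/config)
# and the account the servlet container runs as (for example "tomcat").

# True if path $1 has any of the listed octal permission bits set.
has_any_perm() {
    p=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# Pass only if $1 is a regular file (not a symlink), owned by $2, mode 0600 or tighter.
check_secret_file() {
    f=$1; u=$2
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "FAIL $f: missing or not a regular file"; return 1
    fi
    if [ -z "$(find "$f" -prune -user "$u" 2>/dev/null)" ]; then
        echo "FAIL $f: not owned by $u"; return 1
    fi
    if has_any_perm "$f" 040 020 010 004 002 001; then
        echo "FAIL $f: group/other permission bits set (want 0600 or 0400)"; return 1
    fi
    echo "ok   $f"
}

# Check both password-bearing files, then the directory that contains them.
audit_fedora_config() {
    dir=$1; user=$2; rc=0
    for name in fedora.fcfg fedora-users.xml; do
        check_secret_file "$dir/$name" "$user" || rc=1
    done
    # A directory writable by group/other lets another account swap the files.
    if has_any_perm "$dir" 020 002; then
        echo "FAIL $dir: writable by group/other, files could be replaced"; rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh <config-dir> <webapp-user>
if [ "$#" -eq 2 ]; then audit_fedora_config "$1" "$2"; fi
```

A non-zero exit status means at least one check failed, so the script can gate a deployment step or run from cron. It only verifies file-system exposure; the passwords inside the files remain plain text.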