Secure RDBMS configuration

The RDBMS configuration for Bonita requires the connection details to be saved on the server in plain text files. Is there some way for this to be somehow encrypted so that users on the server cannot see the database user/password?

Along the same lines we use a properties file to store some connector details for our process (like host name, port numbers, etc.). Does anyone have any other suggestions that would be more secure?

There is no simple way to do this, as you will have read almost everywhere.

The way some people do it is as follows:

  • create a security.properties file
  • save it in an accessible folder/directory location
  • change the permissions on the folder so only Apache and authorized persons can access the contents

In your process

  • have a pool/task script connector read the data from the protected file
  • use a script connector to build your sql statement and use this to get your data

You do not use the standard SQL connector, which, as you have found, is vulnerable.

Yes, it means storing it in a variable, but it’s better than nothing; code reviews etc. can be used to verify the developers don’t inadvertently use it where they shouldn’t.

regards
Seán

PS: If this reply answers your question, please mark as resolved.
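
The approach described in the answer above, sketched as a Groovy script of the kind a Bonita script connector runs. This is an added example, not part of the original post and not Bonita's own code; the file path, the property keys, the `customers` table and the customer id `42` are assumptions.

```groovy
import groovy.sql.Sql
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.Paths
import java.nio.file.attribute.PosixFilePermission

// Load the connection settings, refusing a file that "other" users can reach,
// i.e. one where the folder/file permissions described above were not applied.
Properties loadDbSettings(Path file) {
    // POSIX file systems only; on Windows inspect the ACL instead.
    def open = Files.getPosixFilePermissions(file).intersect([
        PosixFilePermission.OTHERS_READ,
        PosixFilePermission.OTHERS_WRITE,
        PosixFilePermission.OTHERS_EXECUTE])
    if (open) {
        throw new IllegalStateException("${file} is accessible to other users: ${open}")
    }
    def props = new Properties()
    Files.newInputStream(file).withStream { props.load(it) }
    // Hypothetical property keys; name a missing key, never echo the values.
    ['db.url', 'db.user', 'db.password', 'db.driver'].each { key ->
        if (!props.getProperty(key)) {
            throw new IllegalStateException("Missing property ${key} in ${file}")
        }
    }
    return props
}

// Run one query with the loaded credentials and close the connection afterwards.
String customerName(Properties db, long customerId) {
    def sql = Sql.newInstance(db.getProperty('db.url'), db.getProperty('db.user'),
                              db.getProperty('db.password'), db.getProperty('db.driver'))
    try {
        // Bind parameter instead of string concatenation (hypothetical table).
        def row = sql.firstRow('SELECT name FROM customers WHERE id = ?', [customerId])
        return row?.name
    } finally {
        sql.close()
    }
}

// Hypothetical path; in a process the id would come from a process variable.
def settings = loadDbSettings(Paths.get('/opt/bonita/conf/security.properties'))
return customerName(settings, 42L)
```

The password still lives in memory while the script runs, as the answer notes; the gain is that it is kept out of the process diagram and can be changed in one file per environment.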

Hi Sean - can you elaborate on why we should not use the standard SQL connector?

Really? You asked for Secure… :) surely that’s a good enough reason?

Sorry for the satire…it’s early 5AM, I was awake…

By definition when using any type of system you have to store the password somewhere, this is NOT just a BonitaSoft issue by the way, it affects all software.

There are multiple reasons for not using the standard SQL Connector as follows:

Ease of updating - How many processes/Connectors do you have to edit and re-promote to production when you need to change the password? 1, 10, 100? We found this very quickly becomes a mess…Getting the password from a parameter file means one change for all. So ease of updating it is…

The use of Development vs Production Environments - Production should always use a different password from that of Development. Just imagine a developer writing a Delete process pointing it at the wrong location and, well, shall we say goodbye to all customers we’ve stored on the database. No, we’ve not done that, but we’ve got close. When exporting the Development and Promoting the process - the password will move with it…not a fan.

Now before you ask about Development vs Production environments and the use of Parameters. Parameters have to be defined for each process and the configurations are set during development deployment, meaning the developers have the Production Password, not very secure is it? And before you say but you can change the password in Administrator view, you can modify a parameter in Administrator view in Bonita BPM Performance and Efficiency editions only. This goes against Ease of updating and the (in my view) correct implementation of Development vs Production Environments.

I could go on and on, but for now I leave the most important reason to last.

As you have already found, the usernames and passwords of the SQL connector are stored in PLAIN TEXT in the diagram…yes it should be encrypted but it’s not, and should BonitaSoft encrypt it - yes, of course they should - but they don’t today.

That alone should say Do Not Use Standard Connector.

Hope this helps
regards
Seán