arcgis database connection security

2510
5
Jump to solution
05-25-2018 10:57 AM
forestknutsen1
MVP Regular Contributor

I am wondering about the password security in database authenticated connections files (e.g. connection.sde) when the password is saved in the connection file. Are the passwords encrypted in the connection file? In other words would it be possible for a users on the system to extract the password for a database user (like sde!) from a connection file? Not that we have sde user connections sitting around for the average user to stumble across but you get the idea... 

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
Esri Notable Contributor

Well they wouldn't be able to open up the .sde connection file with Notepad or anything, as it's a proprietary file, and I tried to copy the password from the password field but it doesn't let me, (doesn't work with CTRL+C either):

All signs point to "no", they won't be able to get the password.

View solution in original post

5 Replies
JonathanQuinn
Esri Notable Contributor

Well they wouldn't be able to open up the .sde connection file with Notepad or anything, as it's a proprietary file, and I tried to copy the password from the password field but it doesn't let me, (doesn't work with CTRL+C either):

All signs point to "no", they won't be able to get the password.

forestknutsen1
MVP Regular Contributor

Thanks for the feedback. I did try and open it up with notepad++ and got garbage. I am wondering because the organization that I work for has a lot of the DB power user passwords in a python dictionary as part of our local python package. Then concretions are made with code for our batch jobs using this python module. It feels week to me because any machine that has the module installed has the password deep in the python installation, if someone thought to look there or just bummed into it very bad things could happen. If the esri connection files are safe I would think a better model would be to place the power user DB connections in a folder and limit access to it. Is this how most organization do it?

0 Kudos
JonathanQuinn
Esri Notable Contributor

I'll be honest and say I wouldn't consider myself a database administrator nor very familiar with business operations, but I do have some thoughts:

1) Storing passwords in plain-text on disk is never a good idea

2) Saving the password in the connection file and moving the connection file into a location that only authorized users can access is a good idea

3) Not saving the password in the connection file and requiring users to enter the password can help make sure even if someone does access the connection file, they can't open the database. This doesn't work with batch/automated jobs

4) Using OS authentication, (Connect to Oracle from ArcGIS—Help | ArcGIS DesktopAuthenticating Database Users with Windows), is a good solution as the credentials are pulled from the user running the process connecting through the connection file, (ArcMap, scheduled task through a batch file, ArcGIS Server).

Again, no expert on this, but those are my thoughts.

0 Kudos
forestknutsen1
MVP Regular Contributor

Jonathan Quinn wrote:

1) Storing passwords in plain-text on disk is never a good idea

2) Saving the password in the connection file and moving the connection file into a location that only authorized users can access is a good idea

3) Not saving the password in the connection file and requiring users to enter the password can help make sure even if someone does access the connection file, they can't open the database. This doesn't work with batch/automated jobs

4) Using OS authentication, (Connect to Oracle from ArcGIS—Help | ArcGIS DesktopAuthenticating Database Users with Windows), is a good solution as the credentials are pulled from the user running the process connecting through the connection file, (ArcMap, scheduled task through a batch file, ArcGIS Server).

1) Yep, I could not agree more... I think our system needs to change.

2) This is how we did in my last job that had an enterprise GIS system. I have only been in my new role for a few months. I am no security expert, so when I saw this GIS batch job setup I thought I was potentiality missing some flaw in the arcgis DBA connection file model.

3) We have this setup for every day admin tasks.

4) Everyone, save GIS admins, use OSA only.

Thanks for the input. I am going to suggest a change to the team...

0 Kudos
ScottCorwin
New Contributor III

With OS authentication, are you certain it pulls from the OS, and no OS based credentials are stored with the connection file?

0 Kudos