huaweicloud / huaweicloud-service-broker

Huawei Cloud Service Broker
Apache License 2.0

Encryption of credentials in the MySQL database #73

Closed yeplaa closed 4 years ago

yeplaa commented 5 years ago

Hello,

From OpenShift Origin, I use huaweicloud-service-broker to provision RDS MySQL and DCS Redis on Flexible Engine OBS.

Currently, all usernames and passwords of provisioned databases are stored in the clear in the backing MySQL database. If the backing MySQL database is corrupted, access to all other provisioned databases is possible.

Is it possible to increase the security of this part, with username/password encryption for example?

Thanks, Loïc

edisonxiang commented 5 years ago

Hello @yeplaa, thanks for your security suggestion. I am planning to add base64 encoding for the username and password of provisioned databases in the backing MySQL database, as the OpenShift secret does it the same way.

What do you think about that?

yeplaa commented 5 years ago

Hello @edisonxiang,

Thanks for your reply. Base64 encodes but does not encrypt. You can easily decode base64 (for example: https://www.base64decode.org/). On OpenShift, it's possible to encrypt the secret: the base64 secret is encrypted in the etcd cluster with the help of an encryption provider, and a key is used to decrypt it (cf. https://docs.openshift.com/container-platform/3.11/admin_guide/encrypting_data.html).

Thanks, Loïc
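The distinction raised above (base64 is reversible by anyone who can read the row; encryption needs a key the database does not hold) in working Go, as an added example that is not code from huaweicloud-service-broker. It assumes the broker can load a 32-byte key from somewhere outside the backing database (a mounted secret, environment variable or KMS); the function and parameter names are illustrative. The provisioned instance ID is bound as additional authenticated data, so a stored value copied into another instance's row fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"io"
)

// newAEAD builds AES-256-GCM from a key held outside the backing database (assumed: mounted secret or KMS).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCredential stores base64(nonce || ciphertext || tag); the instance ID is bound as AAD so a value cannot be moved between rows.
func SealCredential(key []byte, instanceID, password string) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ct := aead.Seal(nonce, nonce, []byte(password), []byte(instanceID))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// OpenCredential reverses SealCredential; it fails on a wrong key, a tampered value or a value copied to another instance ID.
func OpenCredential(key []byte, instanceID, stored string) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	ct, err := base64.StdEncoding.DecodeString(stored)
	if err != nil || len(ct) < aead.NonceSize() {
		return "", fmt.Errorf("malformed stored credential")
	}
	pt, err := aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], []byte(instanceID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}
```

A dump of the backing table then yields only ciphertexts; recovering a password additionally requires the key, which is exactly what plain base64 storage lacks.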

edisonxiang commented 5 years ago

Thanks @yeplaa, I will find some ways to fix this issue :)