Secure user logins in applications

Question

We wish to create a Java GUI desktop application for our authorised helpdesk staff to perform their normal operations. For e.g. they often have to check log files for errors if a user called or verify database account lock outs etc.

Therefore with a click of a button, the application will "login" to the correct server via SSH api, or a database JDBC api to do the intended task. I believe for logging in to *nix servers, we can use SSH without passwords, i.e use keys. However, there would be some function that need a login and password to be hard coded into the application.

What could be a good way to do this without compromising the security of providing user name and passwords in the code?

Why not prompt the user for a password? Can't you use smartcard authentication or U2F or similar — Natanael, Nov 01 '15 at 08:42
Why not export the log files to a central location and have the user's query the logs there? (e.g. syslog, Splunk) — schroeder, Nov 02 '15 at 01:20
@schroeder, users are those that are not working in IT. So asking them to query themselves is no go. What I mean checking log files is for the helpdesk. Checking log files is only one type of function that my applicatoin will provide for the helpdesk. Sometimes, database access is needed to check some table values, among others. — Pang Ser Lark, Nov 02 '15 at 04:47
By users, I mean the helpdesk users. I think you can accomplish the same thing if you pull the necessary data into a system where the users have proper access rights. — schroeder, Nov 02 '15 at 06:53
You will find a lot of usefull information and links in the following thread (which does not limit itself to configuration files but envision all possible solutions to this issue): [Standards for encrypting passwords in configuration files?](http://security.stackexchange.com/questions/15040/standards-for-encrypting-passwords-in-configuration-files) — WhiteWinterWolf, Nov 09 '15 at 10:18

Secure user logins in applications

0 Answers0