There's an application that is capable of spinning up nodes for HA. All nodes need to be synchronized with a configuration file that contains the credentials of all the admins.

The current solution is through a RESTful GET request to pull the config file to the newly created node.

  • The request is over HTTPS.
  • The request requires admin authorization through an API token.
  • The config file is not encrypted in transit (apart from being sent over HTTPS)
  • The config file contains admin usernames in plain text
  • The config file contains admin passwords in a HASH+SALT format
  • All nodes need the full config file

The security of the configuration file and its contents is the main issue. The admin credentials more specifically.

The risk is someone being able to access the file in transit or over the REST API. For instance, other admins can request this file and see all the admins' usernames and their hash+salted passwords.

Is there a more secure way of doing this?

ismisepaul
  • Can you specify your threat model? I.e. specifically _what_ you are trying to secure? – forest Sep 14 '18 at 01:51
  • The security of the configuration file and its contents. The admin credentials more specifically. – ismisepaul Sep 14 '18 at 10:57
  • What do you mean by secure channel? HTTPS? IPSec? How is the admin authorization performed? Is the config file encrypted in transit? Is the risk someone being able to access the config file (in transit, from the source location, from the individual nodes once synchronised)? Do all nodes need the full config file, or could they work with a subset? It's not clear what your risks are from this description, which makes the question too broad as it stands currently. – Matthew Sep 18 '18 at 08:07
  • @matthew I've updated the question with answers to your questions. Hopefully that's a bit clearer – ismisepaul Sep 19 '18 at 09:34

0 Answers