1
I'm looking for a way to store a database password on the working machine so that my own application can read it (in order to connect to the database) but a user without administration rights cannot read it. It must be possible for an administrator to change the password, preferably automatically.
What I have in mind is something like the .pgpass file for PostgreSQL in a Linux environment. Is this possible in a Windows environment as well?
I think the password file can be made accessible for administrators only. But can a program, which is executable for the user, access this file as well? Further, is it possible with the help of group policies to distribute such a file via the network?
Other solutions that I'm thinking about (probably with more effort):
- Encrypt the password file. Only the application and the administrators have the valid keys to decrypt and change / read the file.
- Retrieve the password from a network resource, presumably encrypted as well.
1You can achieve this, in Windows 8.0+, by mounting a Bitlocker encrypted.VHDX file. I am not sure "what application" you refer to. You can also accomplish this by using EFS on editions of Windows that support EFS. If you use EFS, you can store the password in plain text, due to the fact all files within the user's profile are encrypted and accessible to only users with the certificate. – Ramhound – 2018-01-31T15:59:48.407
@Ramhound I'm refering to my own application that I will develop (question edited). I will look into the Bitlocker topic if this is a possible way. It would be cool get access to it with C# APIs. – Markus L – 2018-01-31T16:11:25.743