Encrypting powershell passwords

I have a powershell script that connects to a MySQL database - Of course this connection needs a password and I would like to encrypt the password in some way, as opposed to storing the password as plain text.

I have looked into the securestring methods, outputting the password to a file, however I don't think they will work because the encrypted password can only be decrypted by the original user, and the script is going to be distributed onto a number of machines across the network.

Any suggestions on any other methods that would be useful?

Thanks


If the script is going to be distributed onto a number of machines across the network then every credentials that your script is going to use will be accessible to those users and there is no way around it.

You can do two things if there are any private per-user data:

  • create a new user account in the database for every user of your program with restrictive permissions allowing them to do only the things that you want them to do and nothing more
  • have a proxy server that would authenticate them and connect to the database in their name (this is how most websites work)
  • If all of the data is public and read-only then you can either:

  • create a user account in the database for read-only access and use its credential in all of the distributed copies of your program
  • have a proxy server that doesn't authenticate users but connects to the database instead of exposing it to the public
  • Number 2 of every one of those options is generally recommended for every database with a security history of MySQL, but number 1 of both of those options would be recommended for databases like CouchDB.

    Never distribute any credentials with your program that you don't want your users to use.


    I've used this PowerShell Library http://lunaticexperiments.wordpress.com/2009/10/23/powershell-string-encryption-and-gpg/ to encrypt Oracle and Informix passwords.

    Here's an example

        #Source Encryption Functions
    . ./Library-StringCrypto.ps1
    #encrypt string using passphrase
    $encrypt = Write-EncryptedString $connString "4#&7yaoff"
    #Show encrypted string
    $encrypt
    #Decrypt string
    Read-EncryptedString $encrypt "4#&7yaoff"
    
    链接地址: http://www.djcxy.com/p/51546.html

    上一篇: C#Lambda性能问题/可能性/准则

    下一篇: 加密PowerShell密码