I am working on a C++ project that needs to access database for reading its input.
So far, we used a default username(postgres) and a 'fixed clear text' password stored , along with many other settings, in a xml based configuration file.
Now what I need is to hide password from users when I supply the configuration file.
FYI: the development area is linux, database is postgresql. we would like to give users the config file to connect to database and use it without knowing the password
I will appreciate if you suggest a quick and easy reference.(a small reading material will also be great)
thank you
解决方案
You cannot prevent a ill-intentioned user from obtaining this password one way or another if you ship him the program containing it in any form.
But there are two potential solutions:
The user and password that ship with the program have a read-only access to the database;
The program don't connect directly to the database. It requests the data to a server application that can not only fetch this data from the actual database without need to give the user any password, but also can do the proper security checks to ensure this user is accessing only data he is meant to etc.