Question

DatabaseConnection.xml - Password



So we've been using Jamf for about 6-7 months now at my org. I noticed during the installation and configuration that the password to connect the JSS to the Database is stored in plain text in the Database.xml. I thought... this is a terrible idea to leave the password in here like this, so I selected the option to not store the password. The problem? Every time Tomcat restarts (like during monthly patching cycles of servers), I have to go in and Edit database connection and put in the correct password. At first I thought, no big deal, but this is super annoying.

How is this a thing for an "Enterprise" tool?

3 replies

donmontalvo
  • Legendary Contributor
  • 4293 replies
  • June 22, 2019

Should be possible to script that has the password salted, no? Inject the password, start/restart the service, remove the password. Totally grasping at straws, but...


iJake
  • Contributor
  • 279 replies
  • June 22, 2019

This is very common. Control access to your Tomcat servers and lock down what IPs/hosts can use MySQL credentials.


  • Honored Contributor
  • 2721 replies
  • June 25, 2019

There is no vault or secure DB credential storage for Jamf (yet). Ideally, you would gate direct access to Tomcats behind some sort of appliance like HAProxy, Nginx, a VIP/Load balancer, etc. Then require a VPN connection or other forms of auth/access control to your direct host that is serving Tomcat. Then in your MySQL grants, be very explicit on what hosts can access the DB like mentioned above.

This doesn't negate the fact that the credentials are stored in clear text, but it does add layers of access/security to the database itself.
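
The host-scoped MySQL grants suggested in the replies above, as an added example that is not part of any post in this thread and is not Jamf's own documentation. The schema name `jamfdb`, the account `jamfapp`, the address `10.0.10.21` and the password are constructed placeholders, and the privilege set is an assumption.

```sql
-- Added example. Placeholders (not from the thread):
--   jamfdb      = schema the application uses
--   jamfapp     = account whose password sits in the Tomcat config file
--   10.0.10.21  = address of the Tomcat host
--   REPLACE_ME  = the account password

-- 1. Audit: list accounts whose host part is empty or contains a wildcard.
--    Both % and _ act as wildcards in MySQL account host values.
SELECT user, host
FROM mysql.user
WHERE host = ''
   OR INSTR(host, '%') > 0
   OR INSTR(host, '_') > 0;

-- 2. Weak form, shown commented out for comparison: the stored password
--    is usable from any machine that can reach the database port.
-- CREATE USER 'jamfapp'@'%' IDENTIFIED BY 'REPLACE_ME';
-- GRANT ALL PRIVILEGES ON jamfdb.* TO 'jamfapp'@'%';

-- 3. Explicit form: the same password is only accepted when the
--    connection comes from the Tomcat host, and only for one schema.
--    (Privilege set assumed; narrow it to what the vendor documents.)
CREATE USER 'jamfapp'@'10.0.10.21' IDENTIFIED BY 'REPLACE_ME';
GRANT ALL PRIVILEGES ON jamfdb.* TO 'jamfapp'@'10.0.10.21';

-- 4. Verify what the account can do and from where.
SHOW GRANTS FOR 'jamfapp'@'10.0.10.21';

-- 5. Once the application connects with the host-scoped account,
--    remove the wildcard account so it cannot be used from elsewhere.
DROP USER IF EXISTS 'jamfapp'@'%';
```

With more than one Tomcat node, repeat step 3 once per node address rather than widening the host part to a pattern.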

