all InfoSec news
Thoughts: Private Key password stored in plain text in registry
March 29, 2023, 12:21 p.m. | /u/SouthOfTheFarNorth
cybersecurity www.reddit.com
For some system an external ODBC connection has te be made, to transport customer (private) data back and forth.
Manual: [https://community.snowflake.com/s/article/How-to-set-up-ODBC-Driver-with-key-pair-authentication-to-connect-to-Snowflake-on-Windows](https://community.snowflake.com/s/article/How-to-set-up-ODBC-Driver-with-key-pair-authentication-to-connect-to-Snowflake-on-Windows)
The connection is encrypted, we had to provide the private / public keypair.
The thing is: You have to add to registry, (User hive) the local location of the private key and the password in plain text.
That worries me a bit. Do you consider this to be safe and what could happend in a worst case scenario?
back case customer cybersecurity data encrypted external hive key keypair local location odbc password plain text private private key public registry safe scenario system text thoughts transport
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Senior Security Engineer - Detection and Response
@ Fastly, Inc. | US (Remote)
Application Security Engineer
@ Solidigm | Zapopan, Mexico
Defensive Cyber Operations Engineer-Mid
@ ISYS Technologies | Aurora, CO, United States
Manager, Information Security GRC
@ OneTrust | Atlanta, Georgia
Senior Information Security Analyst | IAM
@ EBANX | Curitiba or São Paulo
Senior Information Security Engineer, Cloud Vulnerability Research
@ Google | New York City, USA; New York, USA