secure password storage manager

Discussion in 'Computer Security' started by Tomasz, Jan 26, 2006.

  1. Tomasz

    Tomasz Guest

    I'm looking for software solution, that would keep passwords and other
    confidental data (i.e. pin numbers) in one, secure database.
    This application should meet following requirements:
    - very strong encryption of stored informations
    - multi-user access
    - user should have access only to data specified by admin
    - strong authentication - access to this application should be protected
    by i.e. usb pen drive with certificate, or RSA SecurID.
    - there shouldn't be feature like 'export' data - secured data should be
    view only, without possibility of copy it to the text file or clipboard.

    I'm not interested in Singe-SignOn solutions.

    I found one solution - Access Manager (www.accessmanager.co.uk) but
    access to this application is protected by 'master password' - this is
    poor solution, and it is not acceptable.
    Any ideas?
    Tomasz, Jan 26, 2006
    #1
    1. Advertising

  2. Tomasz

    ~David~ Guest

    There are ways of securing mysql, so that even the database admins
    cannot see the whole data base, and using OpenSSL to secure the data
    on the disk.

    But AFAIK, preventing the "exporting" of data from something like
    the ctrl-c copy command or a screen-shot utility is difficult at
    best (and if you're really paranoid, think about the fact that they
    can always use a camera to take a picture of the screen...)

    Good luck,
    ~David~

    Tomasz wrote:
    > I'm looking for software solution, that would keep passwords and other
    > confidental data (i.e. pin numbers) in one, secure database.
    > This application should meet following requirements:
    > - very strong encryption of stored informations
    > - multi-user access
    > - user should have access only to data specified by admin
    > - strong authentication - access to this application should be protected
    > by i.e. usb pen drive with certificate, or RSA SecurID.
    > - there shouldn't be feature like 'export' data - secured data should be
    > view only, without possibility of copy it to the text file or clipboard.
    >
    > I'm not interested in Singe-SignOn solutions.
    >
    > I found one solution - Access Manager (www.accessmanager.co.uk) but
    > access to this application is protected by 'master password' - this is
    > poor solution, and it is not acceptable.
    > Any ideas?
    ~David~, Jan 27, 2006
    #2
    1. Advertising

  3. Tomasz

    Watson Ladd Guest

    Why not a perl script? Take client names or SHA-2 of client names and
    use as keys into a DBM file with some postfixes:
    :data for protected data
    :readers for a list of allowed readers
    :writers for list of allowed writers

    Then use some authentication and a server, and problem solved until you
    need to read the code ;-)
    Watson Ladd, Jan 29, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dirk
    Replies:
    4
    Views:
    1,461
  2. Jim
    Replies:
    1
    Views:
    619
    =?ISO-8859-2?Q?Rafa=B3_=A3o=BFy=F1ski?=
    May 8, 2005
  3. Kompu Kid
    Replies:
    5
    Views:
    1,461
    Wai Doan Hsu
    Aug 2, 2004
  4. Replies:
    0
    Views:
    558
  5. Replies:
    0
    Views:
    601
Loading...

Share This Page