1

Given is a Windows desktop application (written in Java) that communicates directly with a DBMS (SQL). There is no service layer between the desktop application and the DBMS.

How can one secure the access credentials for the database and the database connection itself in a way that users without admin privileges cannot misuse them outside of the program? For example, by accessing the database directly with other programs.

Under Linux, one could potentially run the program with a separate Linux user (setuid) and assign permissions in such a way that the user launching the program cannot access the program's binary files or configuration files because they are within the permission space of the separate Linux user. Access to the process's memory space could also be prevented in this manner.

Windows runAs is not an option, because one cannot restrict it to a single program.

4
  • The closest way is to use a commercial obfuscator. There aren't any good solutions for this as it isn't a good design... Commented Jul 19, 2024 at 18:35
  • You can obfuscate, but you cannot secure. Commented Jul 19, 2024 at 19:03
  • @Zac67: absolutely true, but there are a lot of people that use those products. Bad design for sure. Java probably has a way to encrypt config file sections similar to .NET, but those are typically still uncoverable by those with elevated permissions. Commented Jul 19, 2024 at 21:36
  • Is there no way to isolate a program from the executing user in Windows? Commented Jul 20, 2024 at 20:54

1 Answer

0

You could use integrated authentication, and make sure all your users are granted permissions on your database, probably via group membership.

This would only work in an Active Directory environment.

3
  • Wouldn't an attacker who can execute processes on behalf of the user still be able to abuse the database connection by either modifying the existing program or executing an additional program that uses the same mechanism to establish the database connection? Is there no way to isolate a program from the executing user in Windows? Commented Jul 20, 2024 at 20:48
  • Yes of course. If an attacker gets the creds or session of the user, of course the identity system will think they're the user. This would hold true under any operating system. Commented Jul 22, 2024 at 4:22
  • Under Linux, you can isolate a process from the user who starts a program by executing the program with another Linux user (using setuid). If you set the permissions right, an attacker who has access to the user account can start the program and use it as intended, but cannot access credentials or the user sessions because they are executed with a protected Linux user. Commented Jul 23, 2024 at 18:23
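
The integrated-authentication approach from the answer above, as an added example that is not part of the original answer or its comments. It assumes Microsoft SQL Server and the Microsoft JDBC driver (mssql-jdbc) with its `mssql-jdbc_auth` native library available on Windows; the host, database, schema and group names are placeholders.

```java
// Added example (not from the original post). Assumes Microsoft SQL Server and the
// Microsoft JDBC driver (mssql-jdbc) with its mssql-jdbc_auth native library on
// java.library.path. Host, database, schema and group names are placeholders.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class IntegratedAuthExample {

    // No user name or password appears in the URL or in any config file:
    // the driver authenticates with the Windows logon session of the user
    // running the program (Kerberos/NTLM through SSPI).
    static String buildUrl(String host, String database) {
        return "jdbc:sqlserver://" + host + ":1433"
             + ";databaseName=" + database
             + ";integratedSecurity=true"
             + ";encrypt=true;trustServerCertificate=false"; // TLS with cert validation
    }

    public static void main(String[] args) throws SQLException {
        String url = buildUrl("db.example.internal", "AppDb"); // placeholders
        try (Connection con = DriverManager.getConnection(url);
             Statement st = con.createStatement();
             // SUSER_SNAME() returns the login the server authenticated:
             // the individual Windows account, not a shared application account.
             ResultSet rs = st.executeQuery("SELECT SUSER_SNAME()")) {
            if (rs.next()) {
                System.out.println("Connected as: " + rs.getString(1));
            }
        }
    }
}

/* Server side (T-SQL), run once by a DBA; names are placeholders:
 *   CREATE LOGIN [EXAMPLE\AppUsers] FROM WINDOWS;
 *   USE AppDb;
 *   CREATE USER [EXAMPLE\AppUsers] FOR LOGIN [EXAMPLE\AppUsers];
 *   GRANT SELECT, INSERT ON SCHEMA::app TO [EXAMPLE\AppUsers];
 */
```

As the comments above point out, any program running in the user's session can connect the same way, so the grants given to the group define what that identity can reach, and the per-user login name is what shows up in server-side auditing.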
