Who to connect in filezilla with provided ftp credentials ?

Hello,
From my client I received ftp account and sample listing, that credentials are valid:

ubuntu@ip-CLIENT_IP:~$   ftp CLIENT.REMOTE.SERVER Connected to CLIENT.REMOTE.SERVER. 220 ProFTPD Server (ProFTPD) [CLIENT.SERVER.IP] Name (CLIENT.REMOTE.SERVER:ubuntu): SERVERUSER 331 Password required for SERVERUSER Password: 230 User SERVERUSER logged in Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 200 PORT command successful 150 Opening BINARY mode data connection...
Code (markup):

Who to connect in filezilla with provided ftp credentials ?

Mysql Credentials in Code [duplicate]

Currently, we keep secrets, like mysql password, in our codebase in plain-text and we are planning to secure them.

From what I read, I see there are two ways to it :

  1. Keep the encrypted password in the code itself and key in the vault (like AWS KMS).
  2. Another way is to use AWS Secret manager which itself keeps the password.

What is the standard way of keeping such secrets?

Power BI Report Server keeps asking for credentials locally

I’ve installed PBIRS on my laptop to do some development.

Each time try to connect it prompts with dialog wanting me to login.

Login

If I try and connect from a remote PC using the same domain login, it recognises me and logs me in without any problems.

What do I need to change so that PBIRS accepts my connection?

PBIRS May 2020 SQL Server 2019 HP Elitebook 16Gb RAM Windows 10.

Why is ID token used instead of Access token to get temporary credentials in AWS?

After a user logons to cognito, he receives access and ID tokens. the ID token contains sensitive info like phone number, email, etc..

From all standards – ID token should not be used to gain access to an API: https://auth0.com/docs/tokens?_ga=2.253547273.1898510496.1593591557-1741611737.1593591372

In the backend, to get a session credential (to work with AWS resources) – you typically do this:

identity_id_response = boto3.client('cognito-identity').get_id(     IdentityPoolId=identity_pool_id,     Logins={         provider: id_token #ID token! not access token     } ) 

Then:

provider = f'cognito-idp.{region}.amazonaws.com/{user_pool_id}'  response = boto3.client('cognito-identity').get_credentials_for_identity(     IdentityId=identity_id_response,     Logins={         provider: id_token #access token again     }, ) 

Then, you can use AccessKeyId, SecretKey, SessionToken etc..

This is problematic as what if you want to send the ID token to multiple services (via SNS, etc..) so you could perform processing on behalf of the user? you basically send a sensitive token that contains sensitive user data over the backend.

So – it requires an encryption before sending this token, which seems like an overhead.

Any thoughts?

Encryption (not hashing) of credentials in a Python connection string

I would like to know how to encrypt a database connection string in Python – ideally Python 3 – and store it in a secure wallet. I am happy to use something from pip. Since the connection string needs to be passed to the database connection code verbatim, no hashing is possible. This is motivated by:

  • a desire to avoid hard-coding the database connection credentials in a Python source file (bad for security and configurability);
  • avoid leaving them plain-text in a configuration file (not much better due to security concerns).

In a different universe, I have seen an equivalent procedure done in .NET using built-in machineKey / EncryptedData set up by aspnet_regiis -pe, but that is not portable.

Though this problem arises from an example where an OP is connecting via pymysql to a MySQL database,

  • the current question is specific neither to pymysql nor MySql, and
  • the content from that example is not applicable as a minimum reproducible example here.

The minimum reproducible example is literally

#!/usr/bin/env python3  PASSWORD='foo' 

Searching for this on the internet is difficult because the results I get are about storing user passwords in a database, not storing connection passwords to a database in a separate wallet.

I would like to do better than a filesystem approach that relies on the user account of the service being the only user authorized to view what is otherwise a plain-text configuration file.

Related questions

  • Securing connection credentials on a web server – but that requires manual intervention on every service start, which I want to avoid
  • Security while connecting to a MySQL database using PDO – which is PHP-specific and does not discuss encryption

Best practices for storing long-term access credentials locally in a desktop application?

I’m wondering how applications like Skype and Dropbox store access credentials securely on a user’s computer. I imagine the flow for doing this would look something like this:

  1. Prompt the user for a username/password if its the first time
  2. Acquire an access token using the user provided credentials
  3. Encrypt the token using a key which is just really a complex combination of some static parameters that the desktop application can generate deterministically. For example something like:
value = encrypt(data=token, key=[os_version]+[machine_uuid]+[username]+...) 
  1. Store value in the keychain on OSX or Credential Manager on Windows.
  2. Decrypt the token when the application needs it by generating the key

So two questions:

  1. Is what I described remotely close to what a typical desktop application that needs to store user access tokens long term does?
  2. How can a scheme like this be secure? Presumably, any combination of parameters we use to generate the the key can also be generated by a piece of malware on the user’s computer. Do most applications just try to make this key as hard to generate as possible and keep their fingers crossed that no one guesses how it is generated?