DB Password Policy

Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to firstname.lastname@example.org

1.0 Purpose

This policy states the requirements for securely storing and retrieving database usernames and passwords (i.e., database credentials) for use by a program that will access a database running on one of <Company Name>'s networks.

Computer programs running on <Company Name>'s networks often require the use of one of the many internal database servers. In order to access one of these databases, a program must authenticate to the database by presenting acceptable credentials. The database privileges that the credentials are meant to restrict can be compromised when the credentials are improperly stored.

2.0 Scope

This policy applies to all software that will access a <Company Name>, multi-user production database.

3.0 Policy

3.1 General

In order to maintain the security of <Company Name>'s internal databases, access by software programs must be granted only after authentication with credentials. The credentials used for this authentication must not reside in the main, executing body of the program's source code in clear text. Database credentials must not be stored in a location that can be accessed through a web server....
This note was uploaded on 09/25/2010 for the course SIT 284 taught by Professor Lei during the Two '08 term at Deakin.