VMware Cloud Community
fartman
Contributor

Any document or reference if user credentials for VCD are encrypted

Hi all;

Any reference or documents to share on the above-mentioned topic?

Thanks


Accepted Solutions
IamTHEvilONE
Immortal

http://www.vmware.com/files/pdf/techpaper/VMW_10Q3_WP_vCloud_Director_Security.pdf

page 32

"User Password Protection

LDAP users’ passwords are stored in the LDAP directories. They are never stored in the vCloud Director database. They are transmitted using the method chosen in LDAP configuration. It is recommended that you use SSL and, if available on the target directory, Kerberos.

Local users’ passwords are salted and hashed before storage in the Oracle database. The plain text password cannot be recovered from the database. Users are authenticated by hashing the presented password and comparing it to the contents of their password field in the database.

The vCloud Director also maintains passwords for accessing the private keys associated with its TLS/SSL certificates as well as the passwords to the Oracle database, vCenter servers, and vShield manager servers as mentioned above. These passwords are encrypted using a unique key per vCloud Director installation and stored in the $VCLOUD_HOME/etc/global.properties file. As mentioned earlier in this document, carefully protect any backups that contain that file."

Please note that this might have been written when Oracle was the only supported Database.  Microsoft SQL server can be swapped out for the term Oracle where it appears.

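The store-and-compare flow that the quoted white paper describes for local users, as an added example that is not part of the original post and is not VMware's code. PBKDF2-HMAC-SHA256, the iteration count, the record format and the function names are assumptions, since the thread does not say which algorithm vCloud Director uses.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for illustration only; the thread does not state the
# algorithm or work factor that vCloud Director actually uses.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Build the record that goes in the password column.

    Format (hypothetical): iterations$salt_hex$hash_hex. A fresh random salt
    per user means two users with the same password get different records.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(presented: str, stored: str) -> bool:
    """Hash the presented password with the stored salt and compare."""
    try:
        iterations_s, salt_hex, hash_hex = stored.split("$")
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", presented.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations_s)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed instead of raising
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample row standing in for the database table.
    db = {"alice": hash_password("correct horse battery staple")}
    print("stored record:", db["alice"])  # no plaintext in the record
    print("good login:", verify_password("correct horse battery staple", db["alice"]))
    print("bad login:", verify_password("guess", db["alice"]))
```

For an audit, the points to confirm against the real system are the same ones the code makes visible: a per-user salt, a one-way function, and no stored plaintext.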
5 Replies
IamTHEvilONE
Immortal

what do you mean and how so?

like storing passwords?  or when a user logs in?

fartman
Contributor

It is more like storing user id & password

IamTHEvilONE
Immortal

The DB only stores hashed passwords. When a user logs in, the password is hashed in the instance of the website and the hash is compared to what's in the database. I know it's more complicated than that, but in simple terms that's what happens.

fartman
Contributor

Thanks for the info. Do you have any link or doc which shares such info? I am currently being audited by my internal auditor on this part and would need some documentation on it.
