I have the user entering the username and password at runtime using flag and pass the pointer to the user flags to the function, where the two strings are handed off to the sql driver.
It occurs to me that there is a string in memory for the runtime of the program that contains the password of the database. While I don’t expect someone to get root access to my computer and dig through memory until they find a pointer to a string, all to get access to my stupid little toy database, I can’t imagine how a more ‘important’ system would be architected.
Is everything out there in the wild just sitting around with credentials in memory?
To manage authentication and credentials, I have created an isolated “safe box” consisting of an Auth server, an API server and a database server (PostgreSQL). All of these servers are only reachable by internal IP addresses (10.x.x.x).
In the Auth server I have credentials stored both in a local PostgreSQL database (permanent) and in a Ristretto cache together with the session id (temporary, time-limited) for faster access.
The only thing that is exposed to the internet is the session id. All credentials are more or less unreachable within this “safe box”.
As all communication is done via internal IPs or localhost from and within the safe box, the latency is minimal. And hence the speed is about fractions of a second.
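The session-id indirection described in the reply above, as an added example that is not part of the original posts: credentials stay in a server-side, time-limited store and only a random id is handed out. It uses the standard library's `sync.Map` as a stand-in for the Ristretto cache; `SessionStore`, `Credential`, `Issue` and `Lookup` are hypothetical names, and the secret is a constructed sample value.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
	"time"
)

// Credential stays inside the auth server; clients only ever hold a session id.
type Credential struct{ User, Secret string }
type entry struct{ cred Credential; expires time.Time }

// SessionStore is a hypothetical stdlib stand-in for the time-limited cache.
type SessionStore struct {
	TTL time.Duration
	m   sync.Map // session id -> entry, safe for concurrent handlers
}

// Issue keeps the credential server-side and returns a random 128-bit id.
func (s *SessionStore) Issue(c Credential) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	id := fmt.Sprintf("%x", b)
	s.m.Store(id, entry{c, time.Now().Add(s.TTL)})
	return id, nil
}

// Lookup resolves an id; unknown and expired ids fail the same way.
func (s *SessionStore) Lookup(id string) (Credential, bool) {
	v, ok := s.m.Load(id)
	if !ok {
		return Credential{}, false
	}
	if e := v.(entry); time.Now().Before(e.expires) {
		return e.cred, true
	}
	s.m.Delete(id) // forget expired sessions on access
	return Credential{}, false
}

func main() {
	s := &SessionStore{TTL: 15 * time.Minute}
	id, err := s.Issue(Credential{"alice", "constructed-secret"})
	_, ok := s.Lookup(id)
	fmt.Println(len(id), err, ok)
}
```

The id carries no information about the credential, so a leaked id is only useful until its entry expires or is deleted.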