1. Field of the Invention
The present invention relates to the art of information security. It finds particular application in content management systems that perform secure access to a plurality of relational databases and other servers, and will be described with particular reference thereto. However, the present invention is useful in many other applications that involve password-secured access to computers and other digital systems and digital networks.
2. Description of Related Art
In large corporate data storage systems, typically only about fifteen percent of the data are stored in traditional database formats that are managed by conventional relational database management systems. The remaining eighty-five percent of the data are stored in a wide variety of less structured formats, such as image files, sound files, video files, text documents, electronic mail correspondence, spreadsheets, word processing documents, and the like. The lack of uniformity and absence of a common highly structured data format makes it difficult for end users to integrate and make use of such a diversity of data sources.
Content management systems have been developed to address these difficulties. A content management system provides a common, searchable user interface for accessing data servers including conventional relational databases and various other less structured sources of data. In a typical configuration, a content management system includes a library or otherwise-named searchable metadata-based content index, and one or more resource managers, object servers, or otherwise-named data interfaces that manage storage, archiving, retrieval, and delivery of the various types of information content. Resource managers provide a common interface for requesting and delivering content independent of its storage format and physical location.
To perform their functions, resource managers should have ready access to various relational database servers and other types of servers that contain the information to be indexed, stored, maintained, retrieved, delivered, or otherwise processed. Each of these servers is typically password-protected to control and limit access thereto. The passwords for the various servers are preferably different, but may be the same. To provide ready access to the various servers, the resource manager maintains a passwords list in a properties file, a database table, or other suitable data structure associated with the resource manager.
The convenience of providing a common resource manager interface for various servers comes at the cost of introducing a potential security risk in the form of the stored list of passwords. An unauthorized person such as a hacker who accesses the passwords list can attack any of the corresponding servers using the information derived from the list. To make unauthorized access of information more difficult, it is known to store the passwords list in an encrypted form. The resource manager recalls an encrypted password, decrypts it, and forwards the decrypted plaintext password to the corresponding server to obtain access thereto.
Even with the use of encryption, however, the list of passwords continues to present some security risk. Insofar as resource managers are typically substantially standardized commercial software products, there is a possibility that knowledge of the cipher key at one resource manager installation can be used to illicitly access other resource manager installations. Moreover, because the passwords for the various servers are encoded using the same cipher key, a hacker or other unauthorized person who obtains the key or breaks the cipher has immediate access to all servers whose passwords are stored in the passwords list of the resource manager.
Even if the hacker does not steal or break the cipher key, the passwords list can still facilitate illicit server access. Although it is highly recommended to assign a different password to each server, in practice the same password is often assigned to more than one server. These identical passwords are converted into identical ciphertexts by the encryption. Persons who know the plaintext password for accessing one of these identically password-protected servers can scan the encrypted passwords list and immediately recognize other servers having the same password by identifying other servers with the same ciphertext password. Thus, even without breaking the cipher, such a person can gain access to those other identically password-protected servers, even though that person may not have authorization to access those other servers.
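The equality leak described above can be checked for in an existing passwords list. The following is an added example, not part of the original text: it audits a list for servers that share a ciphertext and shows that a random per-entry nonce stored with each ciphertext removes the match. The server names, passwords, key, and the HMAC-based stream cipher (a standard-library stand-in for a real cipher) are all constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (demo only).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, password: str, nonce: bytes = b"") -> bytes:
    # An empty nonce models the deterministic scheme: same password, same ciphertext.
    # A random nonce is stored in front of the ciphertext so it can be decrypted later.
    data = password.encode()
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def decrypt(key: bytes, blob: bytes, nonce_len: int = 0) -> str:
    nonce, body = blob[:nonce_len], blob[nonce_len:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream)).decode()


def shared_ciphertext_groups(passwords_list: dict) -> list:
    """Return sorted groups of server names whose stored ciphertexts are identical."""
    groups = defaultdict(list)
    for server, blob in passwords_list.items():
        groups[blob].append(server)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


# Constructed sample data: two servers were assigned the same password.
KEY = b"constructed-demo-key"
PLAINTEXTS = {"db-finance": "Spring2004!", "db-hr": "Spring2004!", "img-archive": "x9#Lq7vT"}


def build_list(randomized: bool) -> dict:
    # Encrypt every entry, either deterministically or with a fresh 16-byte nonce.
    return {s: encrypt(KEY, p, os.urandom(16) if randomized else b"")
            for s, p in PLAINTEXTS.items()}


if __name__ == "__main__":
    print("deterministic:", shared_ciphertext_groups(build_list(False)))
    print("per-entry nonce:", shared_ciphertext_groups(build_list(True)))
```

A non-empty result from `shared_ciphertext_groups` means the stored list reveals which servers share a password to anyone who can read it, without the cipher key.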
Yet another concern arises during updating of a password. While the resource manager is running, a new server connection may be added, or a password for an existing server connection may be changed. Password updating may be performed through one of the resource managers, or by accessing the server independently from the content management system. Typically, such a password update results in an unencrypted plaintext version of the password being added to the passwords list. Storage of the password in plaintext is an inherent security risk. Moreover, during a subsequent request to access that server, the resource manager accesses the stored plaintext password and attempts to decrypt it. Since the plaintext password is not encrypted, this results in a decryption error.
The present invention contemplates an improved method and apparatus which overcomes these limitations and others.