Developing sites, and storing login credentials

Events happening in the community are now at Drupal community events on www.drupal.org.
aprice42's picture
Posted by aprice42 on March 13, 2009 at 2:07am

Hi all,

I have a general question, as I set out to develop a few Drupal sites... (not totally Drupal related... but then again, maybe it could be?)

When developing multiple sites at once, I am running into an issue with two basic things:

  1. Generating unique user names and passwords for each site for various items such as root user, domain name registration account, etc... and
  2. a convenient and secure place to store this sensitive information, other than a hand written note :)

I realize that this info will likely get changed once the site is handed over, but it would be great if I didn't have to compromise my passwords, or come up with tricky login credentials for every site...

if anyone out there has a good solution for either of these issues, I would love to hear it...

Thanks,
Andy )

Comments

simple is best

Posted by rjleigh on March 15, 2009 at 6:41pm
rjleigh's picture

I usually just make control names based off the site name, and generate a random password (you can do this in phpmyadmin, or just google 'password generator' for a bunch of sites).

Then I store them in an OpenOffice spreadsheet that is password protected, and kept on a secure drive. Not CIA level security, but certainly much better than the drupal security of storing the database passwords in a plain text file.

One good trick: Drupal won't let you use the same email address twice, but some email accounts, like Gmail, will let you create unique email addresses that will all go the same mailbox by using a plus sign in the name, like this:

name@gmail.com
name+1@gmail.com
name+fred@gmail.com

all will go to the same box.

--- -- -

Posted by aprice42 on March 17, 2009 at 2:59pm
aprice42's picture

thanks for the tips... seems like a good logical way to do it... I am hoping to find something that can be shared among team members, which I suppose could be done with a open office doc, and a web based file repository so long as the document is password protected.

Andy )

For storing passwords, I

Posted by mikey_p on March 17, 2009 at 6:27pm
mikey_p's picture

For storing passwords, I prefer a simple text file encrypted with GPG (or similar). With GPG though you can create a key just for your team and share the private key with all the folks that need it, so they can decrypt it at anytime and anyone anywhere can encrypt for them. This just outputs a simple file that can easily be versioned along with the site files.

For generating passwords, checkout a technique called diceware, it has a relatively high entropy, and yet is not impossible to memorize passwords for a short time. See http://world.std.com/~reinhold/diceware.html for more info. Also, there are some scripts that you can use to generate passwords using that technique more easily than rolling physical dice.

@mikey_p thanks for the

Posted by aprice42 on March 21, 2009 at 9:29pm
aprice42's picture

@mikey_p thanks for the input... I will give this method a try...

Andy )