I have an application server, written in C++, which uses a REST API to serve requests. There is no database, only a simple service which returns whether the content of the request is valid.
Scenario
The server is in a local network and only reachable there, has no internet connection, and is only meant to serve requests from the same local network.
Now I want to secure the REST API with Basic Authentication, with one user only, and I don't know if the following method of storing the password is secure enough:
- The password will be passed as a parameter on deployment.
- The deployment will encrypt (with DES) the password with a key and store it in an environment variable, say PASSWORDENV, while the key will be hard-coded in the application code.
- When a request comes, the application should read the HTTP headers for id and password, encrypt the password, and compare it with PASSWORDENV.
- The encryption key is hard-coded, but I don't know any other way to verify the password.
- Is there any security problem with our solution?
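As an added example that is not part of the question above, the following shows the verification flow the post describes (deployment stores a derived value, the request handler parses the Basic header and compares) built around a salted one-way hash instead of a reversible transform under a fixed key. With DES under a hard-coded key the stored value is a deterministic function of the password and anyone holding the key can recover the password; with a per-deployment random salt and PBKDF2-HMAC-SHA256 the stored record is neither reversible nor equal for equal passwords, and the final comparison is constant-time. The code is Python so that it runs stand-alone; it is not the C++ service's code, and the record format, iteration count, and the user name and password it uses are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed parameters for the example; tune iterations to the target host.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Deployment step: derive a self-describing record from the password.

    A fresh random salt is drawn unless one is supplied, so two deployments
    with the same password produce different records (unlike DES under a
    fixed key, which is deterministic and reversible).
    Record layout (constructed for this example): algo$iterations$salt$hash.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash from the candidate password and compare in constant time."""
    try:
        algo, iter_s, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        iterations = int(iter_s)
        expected = bytes.fromhex(hash_hex)
    except ValueError:  # malformed record: wrong field count, bad hex, bad int
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def make_basic_header(user: str, password: str) -> str:
    """Build the client-side 'Authorization' value for HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_auth(header_value: str) -> Optional[Tuple[str, str]]:
    """Parse 'Basic <base64(user:password)>'; return None on any malformed input."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def authorize_request(auth_header: Optional[str], expected_user: str,
                      stored_record: str) -> bool:
    """Request-time check: header present, well-formed, user and password both match."""
    if auth_header is None:
        return False
    parsed = parse_basic_auth(auth_header)
    if parsed is None:
        return False
    user, password = parsed
    # Compare the user name in constant time and always run the password
    # check, so response timing does not reveal which part was wrong.
    user_ok = hmac.compare_digest(user.encode("utf-8"), expected_user.encode("utf-8"))
    pass_ok = verify_password(password, stored_record)
    return user_ok and pass_ok


if __name__ == "__main__":
    # Constructed deployment values; in the real service the record would be
    # what gets stored in PASSWORDENV instead of a DES ciphertext.
    stored = hash_password("s3cret-example")
    print("stored record:", stored)
    print("same password, new salt differs:", hash_password("s3cret-example") != stored)
    good = make_basic_header("deploy", "s3cret-example")
    bad = make_basic_header("deploy", "s3cret-examplf")
    print("valid request accepted:", authorize_request(good, "deploy", stored))
    print("wrong password rejected:", not authorize_request(bad, "deploy", stored))
```

The record is stored where the post puts PASSWORDENV; nothing in the process needs a decryption key, so there is no key to hard-code. `hmac.compare_digest` returns False rather than raising when the two byte strings differ in length, which keeps the malformed-record and wrong-user paths from behaving differently from a plain mismatch.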