DocumentCode :
624247
Title :
Securely handling application-to-application connection credentials
Author :
Lieberman, Gary ; Mitropoulos, Frank J.
Author_Institution :
Grad. Sch. of Comput. Sci., Nova Southeastern Univ., Fort Lauderdale, FL, USA
fYear :
2013
fDate :
4-7 April 2013
Firstpage :
1
Lastpage :
7
Abstract :
The utilization of application-to-application credentials within interpretive language scripts and application code has long been a security risk. The quandaries are how to protect and secure the credentials embedded in source code and how to avoid exploitation by rogue programmers, sysadmins and other users with authorized high levels of privilege. To date, the pervasive method for addressing this has been to live with the risk and concentrate on mitigating the impact of expected and eventual exploitation. Recently published research efforts support the pervasive acceptance of this risk by such staid auditing bodies as the Institute of Internal Auditing (IIA) and the Information Systems Audit and Control Association (ISCAA). Numerous research efforts have been built on the premise that nothing can be done to avoid the risk, so it is best to concentrate the research on reducing the impact of exploitation. The research presented in this paper develops a method by which interpretive language scripts can request credentials from a commercial password vault and have those credentials returned to the script in such a manner as to reduce the risk of exploit significantly over generally accepted methods for credential handling.
Keywords :
aspect-oriented programming; risk management; security of data; ubiquitous computing; IIA; ISCAA; Information Systems Audit-and-Control Association; Institute-of-Internal Auditing; application code; application-to-application connection credentials; auditing bodies; credential handling; credential protection; credential security; interpretive language scripts; password vault; pervasive acceptance; pervasive method; security risk; source code; Batch production systems; Linux; Payloads; Probes; Security; Vectors; Weapons; aspect oriented; connection credentials; pass word vault; security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Southeastcon, 2013 Proceedings of IEEE
Conference_Location :
Jacksonville, FL
ISSN :
1091-0050
Print_ISBN :
978-1-4799-0052-7
Type :
conf
DOI :
10.1109/SECON.2013.6567464
Filename :
6567464