Securly storing database connection passwords?

Forum Moderators: coopster

Message Too Old, No Replies

Securly storing database connection passwords?

JAB Creations

10:06 am on Jan 4, 2012 (gmt 0)

The Situation: I wish to securely store passwords (intentionally plural) used to connect to databases (again, intentionally plural).

The Problem: even if I hash the passwords they need to be de-hashed before being used to connect to the server so having that ability even in a different file if a hacker has access to the PHP code is only a matter of when not if they will determine how to convert the passwords to plain text.

Unless there is something I'm not yet aware of that addresses this issue?

- John

1888software

10:32 am on Jan 4, 2012 (gmt 0)

The database password and database name are useless without a database username - with correct permissions - and database host server name. If you are saving all of these, read on.

You should be able to find or create a proprietary encryption algorithm where only you have the key. So use your key to impose your own encryption on the insert, and unlock when selecting.

If you do that over a secure https:// connection you will have some measure of protection.

Dinkar

5:21 pm on Jan 4, 2012 (gmt 0)

Simple solution: store it in root directory (NOT web root) and include it in php file where you need it.

JAB Creations

5:27 pm on Jan 4, 2012 (gmt 0)

18, if only I have the key then how does the password get decrypted on every single page load 24/7?

Dinkar, that merely moves the password around, I want to do this securely as possible and there has to be a better way.

- John

httpwebwitch

5:56 pm on Jan 4, 2012 (gmt 0)

afaik, if a hacker gets access to your PHP source, there's not much you can do to protect your db connection creds.

But... how are they getting to your PHP source?
If something goes wrong with PHP but Apache is still spewing out content from the DocumentRoot, then someone might request a *.php file and view it like plain text.

In that case, keeping your config settings one level above the web-accessible root is a good idea.

It's become a matter of habit for me to create a "config.php" and keep it outside the web-accessible "public_html", and include() it where needed. That config contains the db creds as defined constants.

If a hacker gets "root" on your server, nothing's going to prevent them from stealing/accessing data. They can just mosey over to /var/lib/mysql start tearing away at things.

Encrypting the credentials is a neat idea. It's not going to deter a persistent hacker, because whatever you do to encrypt, they'll see how you decrypt wherever you mysql_connect(). but it might be annoying enough that they'll give up & move on.

Dinkar

2:01 pm on Jan 7, 2012 (gmt 0)

One more option:

Create a folder. Keep all php include files storing passwords etc in that folder. Then use .htaccess file to deny all IPs to access this folder.

But, I prefer to keep those files in a folder located outside the web root folder "public_html".

I have use both methods in one project just to make things little more complicated.