Asked  7 Months ago    Answers:  5   Viewed   175 times

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I'm using a single, minimum-permission login for my application, then the PHP needs to know that login and password somewhere. What is the best way to secure that password? It seems like just writing it in the PHP code isn't a good idea.

 Answers

55

Several people misread this as a question about how to store passwords in a database. That is wrong. It is about how to store the password that lets you get to the database.

The usual solution is to move the password out of source-code into a configuration file. Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.

Wednesday, March 31, 2021
 
waylaidwanderer
answered 7 Months ago
18

There is little to be gained from trying to slow down an intruder that already has root access to your system. Even if you manage to hide the credentials well enough to discourage them, they already have access to your system and can wreak havoc in a million ways including modifying the code to do whatever they wish.

Your best bet is to focus on preventing the baddies from ever penetrating your outer defenses, worry about the rest only after you've made sure you did everything you can to keep them at the gates.

Having said that, restricting database user accounts to only a certain subset of privileges is definitely not a bad thing to do if your architecture allows it.

Wednesday, March 31, 2021
 
francadaval
answered 7 Months ago
61

Run crontab in unix shell and create the rule to launch process for creating database backup

 0 0 * * * /usr/local/bin/mysqldump -uLOGIN -PPORT -hHOST -pPASS DBNAME | gzip -c > `date ā€œ+%Y-%m-%dā€`.gz

Also check this

EDIT

The web interface you only have to write, dont think you can find a readymade code for that. But You need to use cron job, to automate a function to run at regular intervals in a unix machine. You can find more info on how to write a cron-job here. So you now, just need to write a web interface, which gets data from user and changes the rule according to the input(Which I think you can do it yourselves)

Saturday, May 29, 2021
 
Dev
answered 5 Months ago
Dev
45

This is not a big privacy issue

The internet is composed of some few websites / web applications using self hosted solutions with fully personal servers (owned and operated in their own NOC).

Everyone else is using some form or another of shared, virtualized, semi-private, semi-dedicated, collocated hosting. In every case the hosting company has full access to everything, they have physical access to the servers -- no amount of protection can help you there.

Shared hosting might be the easiest to access from the hosting company's perspective. But that's not relevant, their policies should prevent them from operating in bad faith because if they wouldn't it wouldn't really matter if it was the easiest or the hardest to access it would only matter how interesting the data you have is to them (or some random employee of theirs).

Finding a solution to the above non-issue

Some approaches might use:

  • Mounting an encrypted filesystem as a folder and setting up MySQL to use that folder to store its data;
  • MySQL encryption functions to encrypt the data in a particular cell or column;
  • a library on top of SQLite that had an encryption feature which would encrypt the entire database file;

On the other hand if your PHP files would be on the same server and the database decryption password would be stored inside your PHP files, any "intruder" could find it and use it if they wanted it.

You'd have to store the password on a different server or obtain it from the user in order to not have it present inside the local PHP files. This would obviously still be available at runtime; if the "intruder" is a programmer he will be able to retrieve it fairly easily.

Saturday, May 29, 2021
 
jwegner
answered 5 Months ago
92

You can try to put your database credentials in separate file with proper UNIX permissions set, for example 644, and then include this file on top of your script.

The configuration.php file will look like:

<?php
define (DB_USER, "mysql_user");
define (DB_PASSWORD, "mysql_password");
define (DB_DATABASE, "database_name");
define (DB_HOST, "localhost");
?>

Your original script will look something like this:

require ("configuration.php");
public class DatabaseConnect
{
function __construct()
{
    mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die('Could not connect to MySQL server.');
    mysql_select_db(DB_DATABASE);
}

}
Tuesday, August 10, 2021
 
CAMason
answered 2 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :