How to protect your password database in PHP?

Language 2020-02-09 13:17:04 views: null

When PHP the application to establish a database connection, of course, usually need to pass a login name and password. If I use a single login minimum permissions for my application, PHP needs to know the login and password somewhere. What is the best way to protect the password is? It only seems to write not a good idea in PHP code.

#1st Floor

Another technique is to use a separate PHP a profile as shown below: 

<?php exit() ?>

[...]

Plain text data including password

This will not prevent you from properly set access rules. However, if your site has been hacked, "require" or "include" the only exit in the first line of the script, and therefore more difficult to get the data.

But never the configuration file in the directory can be accessed via the Web. You should have a "Web" folder that contains your controller code, css, pictures and js. that's it. Offline folder other content.

#2nd Floor

The safest way is not to use the information specified in the code of PHP.

If you are using Apache, it means set the connection details in the file httpd.conf or virtual host file. If you do this, you can without any arguments calling mysql_connect (), which means that PHP will never output your information.

It is these values ​​that you specify in these documents ways: 

php_value mysql.default.user      myusername
php_value mysql.default.password  mypassword
php_value mysql.default.host      server

Then you open the mysql connection like this: 

<?php
$db = mysqli_connect();

Or like this: 

<?php
$db = mysqli_connect(ini_get("mysql.default.user"),
                     ini_get("mysql.default.password"),
                     ini_get("mysql.default.host"));

#3rd floor

For very secure system, we will encrypt the database password in a configuration file (which itself is protected by a password system administrator). When the application / server startup, the application then prompts the system administrator to enter a decryption key. Then read from the configuration file database password, decrypted and stored in memory for future use. Because it is stored in decrypted in memory, and therefore is still not 100% safe, but sometimes you have to call it "safe enough"!

#4th floor

If you can create a database connection credentials stored in the same file in. Inline connect statement credentials.

mysql_connect("localhost", "me", "mypass");

Otherwise, it is best to unset the credentials after the connect statement, because they can not be read from memory is not in memory credentials;)

include("/outside-webroot/db_settings.php");  
mysql_connect("localhost", $db_user, $db_pass);  
unset ($db_user, $db_pass);

#5th Floor

The best way is to simply not store passwords!
For example, if you are on a Windows system and connect to SQL Server, you can use the integrated authentication using the identity of the current process, without requiring a password to connect to the database.

If you need a password to encrypt the connection, using strong encryption (for example, using AES-256, and then protect the encryption keys, or use asymmetric encryption, and operating system protection certificate), and then store it in a with a strong ACL's configuration file (located in the Web catalog outside).

#6th floor

If you are hosted on someone else's server, and there is no access to the outside Webroot, you can always password and / or database connected into the file, and then use the .htaccess file locking: 

<files mypasswdfile>
order allow,deny
deny from all
</files>

#7th floor

The solution is universal, because it open source applications and closed source application is useful.

  1. OS users to create your application. See http://en.wikipedia.org/wiki/Principle_of_least_privilege
  2. Use the password you created (non-conversational) OS environment variables for the user
  3. Run the application to the user identity

benefit:

  1. You will not accidentally checked into source code management, because you can not
  2. You do not accidentally mess up the file permissions. Well, maybe you can, but this will not affect this.
  3. Or readable only by the root user. Root can still read all your files and encryption keys.
  4. If you use encryption, how to safely store keys?
  5. Suitable for x platform
  6. Make sure not to pass envvar untrusted child process

This method is recommended by the very successful Heroku.

Building # 8

We have solved it in the following ways:

  1. Use memory cache on the server, and the establishment of an open connections to other servers password.
  2. Save the password (or even all encrypted files password.php) and the decryption key to the memory cache.
  3. The site calls the memcache key save password file password and decrypt all passwords in memory.
  4. The server sends a new password encrypted password file every five minutes.
  5. If you use encryption in the project password.php, then review it checks whether the file is touched or viewed externally. When this happens, you can automatically clean up and shut down the server memory to be accessed.

House # 9

Previously, we will DB user / password stored in the configuration file, but since then has been in a state of paranoia - a " defense in depth" strategy.

If your application is compromised, the user will have read access to your profile, and therefore, crackers possible to read this information. Profiles may also fall into version control, or copied around the server.

We have switched to the user environment variables / delivery store the set in the Apache VirtualHost. This configuration can only be read by root - like your Apache user is not run as root.

The disadvantage of this is now password Global PHP variable.

To mitigate this risk, we take the following precautions:

  • The password is encrypted. We expanded the PDO category to include logic for decrypting passwords. If someone reads the code where we establish a connection, it is obviously not using encryption password instead of the password itself to establish a connection.
  • Encrypted passwords moved to private variables from the global variable . Applications do this immediately, to reduce the value of the window available in the global space.
  • phpinfo()Disabled. PHPInfo goal is a readily available, can fully understand all the contents, including environment variables.

#10th floor

Store them in a file outside the Web root directory.

House # 11

It was to be misinterpreted as a database on how to store the password problem. That is wrong. It is about how to store enables you to access the password database.

The usual solution is to move the code from the source code configuration file. Then, managed by the system administrator and protects the profile. In this way, developers do not need to know any information about the production passwords, and source code management did not record the password.

House # 12

The database password in a file, it provides the user with read-only file.

Unless you have some php method only allows access to the database server process, otherwise it is almost that you can do.

House # 13

If you are talking about a database password instead of a password from the browser, the standard practice seems to be the database password in the PHP configuration file on the server.

You just need to make sure php file containing the password has the appropriate permissions to. That is, it can only be read by a Web server and your user account.

House # 14

Just put it in a position to profile. Just make sure you:

  1. Prohibit access to the database from any server outside the network,
  2. Be careful not to accidentally displayed to the user password (in the error message, such as HTML or as a PHP file by careless).

House # 15

As you said, your options are limited, because you need a password to access the database. A common method is to separate configuration file, rather than the main script user name and password storage. Then ensure that in addition to its main Web store tree. That is, if there is a network configuration problem, make your php file to display text only instead of being executed, you do not reveal the secret.

In addition, you are in the right, access to the account being used by the least privileged. Plus

  • Do not use a combination of username / password for any other purpose
  • The database server is configured to accept connections from the Web host user (if the database is on the same computer, localhost even better) way, even if only credentials are disclosed, nor will they be useful to any person, unless they have the right access the host. machine.
  • Confusion password (even ROT13 will be confused), even if someone can actually access the file, it will not provide much defense, but can at least prevent free to view the file.

Peter

House # 16

If you are using PostgreSQL, it will automatically ~/.pgpassfind the password. For more information, please refer to the manual .

asdfgh0077
Original articles published 0 · won praise 2 · views 10000 +
私信 关注

Guess you like

Origin blog.csdn.net/asdfgh0077/article/details/104233367
Recommended
Ranking
[Algorithm] greedy _ program scheduling issues
Spring 控制反转(IOC)
Data structure-6.6 figure
Indicates that the class or member method has abstract properties
Huawei v5 server installed Linux operating system
Postgresql source code analysis - creating ordinary tables
Chapter 10 Evaluation Classification Results
Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages
Java Exercise 17.1
Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.
Daily
More
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)

Code World

© 2018 codetd.com