|
|
Posted by Justin Koivisto on 05/13/05 17:30
Pat A wrote:
> We have a dilemma. We are storing our database password in an include
> file that resides outside of the web root. The password is in plain
> text. So, no one can get that password because it can't be served up
> by the web server. So far, so good.
>
> The customer wants all of our passwords encrypted. So, how do I go
> about securely encrypting that password? If I use mcrypt, I have to
> store a key and an IV somewhere...and if those are in clear text, I
> might as well just store the password in clear text. That is to say, I
> could encrypt the password with a given key and IV, and then hard code
> that key and IV into my app and put the encrypted password into the
> database. But, there's really no security in that.
>
> Has anyone else done anything like this?
OK, there is also another way to do this that I had mentioned in a few
groups a couple years back...
If the server is apache on *nix...
1. httpd.conf should be chown root.root, chmod 600
2. in the virtual host for your domain, use SetEnv to create variables
like SQL_HOST, SQL_PASS, SQL_USER, SQL_DB
3. in PHP, access these variables as $_SERVER['SQL_HOST'],
$_SERVER['SQL_PASS'], $_SERVER['SQL_USER'] and $_SERVER['SQL_DB']
Doing this ensures that only someone with root access can actually
see/edit the details in the file on the server. Putting the statements
in the VirtHost container ensures that only your domain requests have
those variables set to your values.
Of course, they would have to be stored in memory *somewhere*, so it's
always possible to get the details (just hard to do).
I don't know what other servers have these capabilities, but on IIS/PHP,
you can have different php.ini settings via registry edits, so you could
actually set up your database details through that. (Don't know if
unprivileged users could get registry values, but wouldn't surprise me.)
--
Justin Koivisto - justin@koivi.com
http://koivi.com
Navigation:
[Reply to this message]
|