Page 1 of 1

password in php document

Posted: Tue Dec 17, 2002 9:24 pm
by bullet45
I'm a new user of php and mysql, and
have a question that concerns me about security. When writing the php document to
connect to mysql, the password is written in the document itself. This is not a problem for outside sites since the php engine processes the documents. But how do I protect the password from internal users? Since it's served out by the server, it has the word read permission so users on the system could determine where it was located and read the file. Is there a way to keep from placing the password in the document?

Posted: Tue Dec 17, 2002 9:34 pm
by oldtimer
I myself make a configureation file. sometimes config.php. I then place it outside my www root and then include it. Now this does not help if people have access to root and can get to it.

Is this a linux or a windows server?

Posted: Wed Dec 18, 2002 4:31 am
by Takuma
You might be able to use PGP but I'm not sure how to implement it on PHP... I think you need to encrypt the password and the decrypt it. But normal function is easy to crack as one can see which function is used.

server

Posted: Wed Dec 18, 2002 9:41 am
by bullet45
The server is on a Solaris box running
Apache.

Posted: Wed Dec 18, 2002 12:32 pm
by Takuma
Will you be able to set a password to view the folder or set a permission level? I'm not really use to Solaris.

Posted: Wed Dec 18, 2002 12:49 pm
by Johnm
First, storing it outside the web tree is a good idea but chmod 711 file.php will allow it to be executed by anyone but only read by the owner and root. Make the owner root and things are pretty locked down.
make it a dot file ex:( mv file.php .file.php) and it makes the file a little more discrete.



John M

permissions on php files

Posted: Wed Dec 18, 2002 4:23 pm
by bullet45
I've tried only having execute access on
the php file, however the server won't pick up the file and execute it without the world read permission. Moving it out of the www tree is an idea that I can try, but the problem is that I would still have to give permission for the web server user to access the file, and users on the system would be able to read the file and determine where I hid the portion with the password.

Posted: Wed Dec 18, 2002 7:53 pm
by Rincewind
Just off the top of my head, and I'm not really familiar with this stuff so if I'm beeing stupid tell me :)
If the user running the web-server is the only user having read-access to the file how would someone go about reading it directly from the file-system and not through apache?
If read through apache it won't show the code anyhow (as long as the file is named .php that is)
Am I way off here, and if so, why?
I would like an answer to this as well :)

permissions

Posted: Wed Dec 18, 2002 8:16 pm
by bullet45
The reason for the world read permission
is that the apache server is running as
user nobody, the least privileged user on
the system. In order for a file to be served
out by the server, it must have permissions
that allow nobody to read it. One partial fix would be to make nobody the ower of the
php file, but this will not work as a full solution because I (as sysadmin) can change the owner of the file to nobody, but
other users can't. I really like the way php and mysql work, but there is sensitive data
stored in the databases I will be using so I want to make sure that I am the only one that can access the database.

Posted: Wed Dec 18, 2002 8:28 pm
by Rincewind
Hmmm...
But how can a users access the web-tree on the server without going through apache?
I guess the web-tree isn't NFS-shared and the users usually don't have physical access to the server.
Of course, if the users have access to a shell on the server....do they?
Would then a dedicated web-server with no shell-access be a sollution?
What about serving those particular files from a dedicated, yet outdated, machine with read-access only to the web-server? Or from a NFS-share readable only from the IP of the web-server?
I'm reaching, I know, but I see the problem and that I may be faced with it, so I try to understand, ok?

Rincewind

web tree

Posted: Wed Dec 18, 2002 10:55 pm
by bullet45
The problem with isolating the files is that the users on the system are allowed to have their own web space, and they would be presented with the same problem since there has to be access for the webuser to read the php file.

Posted: Thu Dec 19, 2002 6:57 am
by Johnm
Rename your server to something like webserver or webuser, create an account for the webserver allowing it the permissions and file ownership that it needs. You, as the admin can su to root or the webserver to make any needed changes yet the file remains secure.

John M

server

Posted: Sat Dec 21, 2002 9:43 am
by bullet45
The problem with that is it won't work for
other users on the system. The only
solution I can come up with is to write a
setuid program that users on the system
can filter their files through that will set the
user to the webuser.

Posted: Sat Dec 21, 2002 9:49 am
by Johnm
Multiple files with a script to ensure that they are updated properly?
Just a thought. You can define access to each users web space directory specifically.

I guess that I am not sure that I understand the problem as we have multiple websites for our business with specific permissions even down to the user level to control who sees what and when.

John M

Posted: Sat Dec 21, 2002 11:40 pm
by evilcoder
The fact is, millions of sites contain files which have passwords and usernames in them, luckily the vast majority of people don't know how to crack these. You going to need one file to connect to a database, but to secure database information you can insert it with MD5. That works fairly well.