Clearing DB credentials

Posted: Thu Aug 26, 2010 10:45 am
by alex.barylski
I just witnessed an interesting technique that got me thinking.

Assuming your entire application uses a front controller and index.php bootstrap. No other point of entry. Now assume you connect to the DBs immediately in the first 2-3 lines of code and, once connected, you clear the registry, globals, whatever contains your credentials. Does this improve security?

If someone manages to inject PHP code into your application (either directly a la eval or indirectly via uploaded include or similar), so long as the point of injection is past the point of DB connection and clearing, the hacker(s) should, in theory, not be able to echo the DB credentials and obtain those details. This is nice to know, considering my servers typically **do** allow remote connections so I can easily manage data from home, etc.

I guess this would put the kibosh on lazy loading connections, and only connecting at the time of requirement, but is it more secure, at least in theory?

On second thought, it's not really of significance to me, as my localhost DB accounts are limited (rarely allowed to delete) and root account details are never stored in INI files or used in PHP scripts, strictly by means of my DB client manager. Still, it got me thinking.

Cheers,
Alex

Re: Clearing DB credentials

Posted: Thu Aug 26, 2010 12:59 pm
by Weirdan
PCSpectra wrote: Assuming your entire application uses a front controller and index.php bootstrap. No other point of entry. Now assume you connect to the DBs immediately in the first 2-3 lines of code and, once connected, you clear the registry, globals, whatever contains your credentials. Does this improve security?
I don't think so.
PCSpectra wrote: If someone manages to inject PHP code into your application (either directly a la eval or indirectly via uploaded include or similar), so long as the point of injection is past the point of DB connection and clearing, the hacker(s) should, in theory, not be able to echo the DB credentials and obtain those details. This is nice to know, considering my servers typically **do** allow remote connections so I can easily manage data from home, etc.
If someone manages to inject PHP in any form, they would be able to read the index.php and, most probably, anything else where it might be getting connection info from. Besides, the only point to stealing db credentials I see is to connect to the database and run some queries on it - and they would have an existing open connection to the database available already, ready to serve them as they please.

Re: Clearing DB credentials

Posted: Thu Aug 26, 2010 2:09 pm
by alex.barylski
Weirdan wrote: If someone manages to inject PHP in any form, they would be able to read the index.php and, most probably, anything else where it might be getting connection info from. Besides, the only point to stealing db credentials I see is to connect to the database and run some queries on it - and they would have an existing open connection to the database available already, ready to serve them as they please.
Well, the way I store DB credentials, it would be impossible for a PHP script to access them, as they are stored in httpd.conf as environment variables, so no amount of reading index.php or config.ini would result in discovery of credentials. My only concern is that, if the variables that store them in the context of PHP are not cleared, then injected code "could" simply echo the values, as they are super-globals.

But like I said, in my case, the only user that has remote access and full privies is root and those credentials are never stored anywhere in the code, config, etc. I use that account to connect directly to the server to perform maintenance, etc.

So while in theory, I still think clearing connection details makes the application more secure, in all practical situations, it's a waste of time. :P

Cheers,
Alex
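The bootstrap the thread describes (credentials from httpd.conf environment variables, connect in the first lines, then scrub every PHP-visible copy) as an added example; this is not code from the thread or from either poster. The variable names `DB_DSN`, `DB_USER`, `DB_PASSWORD` and the DSN are assumptions; for a local run, `DB_DSN=sqlite::memory:` works without a server. The tail of the script shows the limit Weirdan points out: the secret strings are gone, but the authenticated handle is still in scope for any code that runs after it.

```php
<?php
// Added example, not code from the thread. Reads DB credentials that the
// web server placed in the environment (e.g. "SetEnv DB_PASSWORD ..." in
// httpd.conf), connects, then removes every copy PHP code can still read.
// Variable names and DSN are assumptions for this example.
declare(strict_types=1);

function db_connect_and_scrub(): PDO
{
    $keys = ['DB_DSN', 'DB_USER', 'DB_PASSWORD'];
    $cfg  = [];
    foreach ($keys as $k) {
        // SetEnv values show up in $_SERVER and/or $_ENV (variables_order);
        // getenv() also consults the process and SAPI environment.
        $cfg[$k] = $_SERVER[$k] ?? $_ENV[$k] ?? getenv($k);
        if ($cfg[$k] === false || $cfg[$k] === '') {
            throw new RuntimeException("missing environment variable $k");
        }
    }

    $pdo = new PDO($cfg['DB_DSN'], $cfg['DB_USER'], $cfg['DB_PASSWORD'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);

    // Scrub each place the secret remains readable from later PHP code.
    foreach ($keys as $k) {
        unset($_SERVER[$k], $_ENV[$k]);
        putenv($k);                     // no "=" removes it from the process env
        if (function_exists('apache_setenv')) {
            // mod_php: getenv() also reads Apache's per-request table,
            // so overwrite that copy as well.
            apache_setenv($k, '');
        }
    }
    unset($cfg);
    return $pdo;
}

$db = db_connect_and_scrub();

// What code injected after this point can see: the strings are gone
// (null / false / empty) ...
var_dump($_SERVER['DB_PASSWORD'] ?? null, getenv('DB_PASSWORD'));

// ... but the live, authenticated connection is still here. Whatever that
// account is allowed to do, injected code can do too, which is why the
// privilege set of the DB user matters more than clearing the strings.
var_dump($db->query('SELECT 1')->fetchColumn());
```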