Page 1 of 1
sql password masking
Posted: Thu Jul 03, 2003 12:26 pm
by m3rajk
i'm setting up a site and even though i have complete control of the development server, the actual server once it is developed may not even be dedicated.
because of this i would like to know how those of you with experience suggest hiding the database passwords. obviusly if they are in the file then if someone hacks the server then he or she can dl a file and see all the passwords. i'm wondering if there's something i'd be able to do that would make it harder to find the passwords.
Posted: Thu Jul 03, 2003 12:46 pm
by phice
When the user registers, do an md5() onto the password, and store it in the database. Then, when they need to login, md5 the attempted password, and see if the two match.
Posted: Tue Jul 08, 2003 10:21 am
by m3rajk
i figured that. i mean the pasword to connect to the database. how do i mask that?
i'm going to have multiple leves if possible. the base one only being able to select and insert. this way people can view profiles without being signed up, and the forums as well, and on top of that i can have a those who haven't signed up post in specific forums i'd like to give them the ability to post in (problems.. i mean one concievable problem is a login issue, so i want people to be able to alert me of that)., the higher levels, the one for regular users, and admin, i want to mask
also.. in mysql.. when a connection comes back false, is that the same as being null? or does it containg the string 'false' or the number 0?
(in languages i've dealt with that don't have a special way of denoting null/false and true, it's binary, 0 being null or false and 1 being true)
Posted: Tue Jul 08, 2003 3:15 pm
by nielsene
Well the password has to be somewhere on the server in cleartext. If you encrypt the database password, you hve to store the decryption key somewhere, so its the same problem all over again, as the password needs to be used automatically.
The guidelines I'ld give:
Definately store the db connection information outside the web-accessible tree
chown/chgrp the file to your web server. Chmod the file to 400. To read the file now they need to be able to both hack the box and assume an arbitrary userid, normally requires hacking root. If they get root, you have worse troubles than a leaked database password.
Choose a good password, (high entropy, good mix of alphanumericas and symbols, long 10+ characters), rotate it often.
Look into if you can use PHP's safe_mode or not, if its restrictions won't break your application, use it...
Monitor your logs, make sure the users who have logins to the production server take security seriously. That they aren't hosting side projects on the server, that they aren't sharing passwords, etc.