AES and mySQL

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

JasonKerner
Forum Newbie
Posts: 4
Joined: Thu Jan 24, 2008 2:58 am

AES and mySQL

Post by JasonKerner »

Hi,

I've been looking at using PHP with mySQL and running the routines to encrypt data using the AES_encrypt and AES_decrypt routines. The question I have is where do you store the key/cipher so that people can't easily get that? Surely you can't just hardcode it into the script?

Jason
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: AES and mySQL

Post by Mordred »

What are you encrypting? If it's login passwords, don't ;)
Also, which people aren't supposed to get the said key - the NSA/CIA/FBI/MI5, your hosting, your site admin?
JasonKerner
Forum Newbie
Posts: 4
Joined: Thu Jan 24, 2008 2:58 am

Re: AES and mySQL

Post by JasonKerner »

I mean in terms of someone managing somehow to download one of the php scripts and find the key from looking at the mysql statements. Is it worth putting the key in a non-accessible folder that apache doesn't access? I have full access to the entire server structure.
bdlang
Forum Contributor
Posts: 395
Joined: Tue May 16, 2006 8:46 pm
Location: Ventura, CA US

Re: AES and mySQL

Post by bdlang »

It's usually recommended to store the AES key within MySQL.
JasonKerner
Forum Newbie
Posts: 4
Joined: Thu Jan 24, 2008 2:58 am

Re: AES and mySQL

Post by JasonKerner »

Ok, here's a question then: if I store the AES key inside the mySQL database, how do I protect the mySQL password in the PHP script that actually runs the connect statement properly?

Somewhere along the line a password is going to be hardcoded into the script? Or is there a better way of doing the connect statement?

Thanks for all the help so far on this thread

Jason
JamesRavenscroft
Forum Newbie
Posts: 10
Joined: Thu Jan 31, 2008 3:45 am
Location: West Midlands, United Kingdom

Re: AES and mySQL

Post by JamesRavenscroft »

I've been programming in PHP for a while (not long enough but still) and I've found that generally, the convention is to program the mysql password into a config file that can often be publicly accessible. The security risk - as far as I'm aware - isn't that high because if somebody was to try and HTTP GET your config file, PHP would just do the instructions within - set a few variables to usernames and passwords silently - and then exit. This means the end user sees a blank screen and your password is safe.

^^Confirmation anyone?
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: AES and mySQL

Post by Christopher »

If the machine is secure then I see no reason not to store the cypher on the machine. Here are the potential dangers as I understand them:

- The danger of storing a password on a shared server is that the permissions may be inadvertently set so that others can read them.

- The danger of putting a password in a PHP script in the public web directory is that if your webserver becomes inadvertently misconfigured it will show the contents of PHP scripts.

- Server is compromised.
(#10850)
phpknight
Forum Newbie
Posts: 3
Joined: Sun Feb 03, 2008 1:02 am

Re: AES and mySQL

Post by phpknight »

A simple scheme to protect your data is to use the primary-keys to generate cipher-keys with one-way hash functions, i.e. crypt, md5, sha, in combination with a secret salt.

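// Single quotes: in a double-quoted string PHP would expand $_a_very_long_salt_at_devnetworks as a variable.
$cipher_key = crypt( $primary_key , '$2$_a_very_long_salt_at_devnetworks');
or
$cipher_key = md5( $primary_key . '$2$_a_very_long_salt_at_devnetworks');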


See also, http://en.wikibooks.org/wiki/Cryptograp ... protection
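
An added example, not part of any post in the thread: one way to combine Christopher's points about file permissions and keeping the secret out of the public web directory with phpknight's per-row key idea. It uses hash_hmac with SHA-256 in place of the md5/crypt calls posted above; the temp file, the `row:` label, and the table and column names in the final comment are assumptions made for illustration.

```php
<?php
// Load a secret from a file kept outside the web root. Refuse to use it if the
// file is accessible to group or others (the shared-server risk).
function load_secret(string $path): string
{
    clearstatcache(true, $path);
    $perms = fileperms($path);
    if ($perms === false) {
        throw new RuntimeException("cannot stat $path");
    }
    if (($perms & 0077) !== 0) {
        throw new RuntimeException(sprintf('%s has mode %04o, expected 0600 or stricter', $path, $perms & 0777));
    }
    $secret = trim((string) file_get_contents($path));
    if (strlen($secret) < 32) {
        throw new RuntimeException('secret is too short');
    }
    return $secret;
}

// Derive one key per row from the primary key and the secret.
// HMAC-SHA256 (an assumption of this example); raw output is 32 bytes.
function row_key(string $secret, int $primaryKey): string
{
    return hash_hmac('sha256', 'row:' . $primaryKey, $secret, true);
}

// Constructed demo: a temp file stands in for a key file outside the web root.
$path = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($path, bin2hex(random_bytes(32)) . "\n");

chmod($path, 0644);                 // world-readable: must be rejected
try {
    load_secret($path);
    echo "unexpected: loose permissions accepted\n";
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

chmod($path, 0600);                 // owner-only: accepted
$secret = load_secret($path);
echo 'row 1 key: ', bin2hex(row_key($secret, 1)), "\n";
echo 'row 2 key: ', bin2hex(row_key($secret, 2)), "\n";
unlink($path);

// With a live connection the key goes in as a bound parameter, never
// concatenated into the SQL text (hypothetical table t, column secret_col):
//   $pdo->prepare('UPDATE t SET secret_col = AES_ENCRYPT(:plain, :key) WHERE id = :id');
```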