sql password masking

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

sql password masking

Post by m3rajk »

i'm setting up a site and even though i have complete control of the development server, the actual server once it is developed may not even be dedicated.

because of this i would like to know how those of you with experience suggest hiding the database passwords. obviusly if they are in the file then if someone hacks the server then he or she can dl a file and see all the passwords. i'm wondering if there's something i'd be able to do that would make it harder to find the passwords.
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

When the user registers, do an md5() onto the password, and store it in the database. Then, when they need to login, md5 the attempted password, and see if the two match.
Image Image
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

i figured that. i mean the pasword to connect to the database. how do i mask that?

i'm going to have multiple leves if possible. the base one only being able to select and insert. this way people can view profiles without being signed up, and the forums as well, and on top of that i can have a those who haven't signed up post in specific forums i'd like to give them the ability to post in (problems.. i mean one concievable problem is a login issue, so i want people to be able to alert me of that)., the higher levels, the one for regular users, and admin, i want to mask


also.. in mysql.. when a connection comes back false, is that the same as being null? or does it containg the string 'false' or the number 0?

(in languages i've dealt with that don't have a special way of denoting null/false and true, it's binary, 0 being null or false and 1 being true)
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Well the password has to be somewhere on the server in cleartext. If you encrypt the database password, you hve to store the decryption key somewhere, so its the same problem all over again, as the password needs to be used automatically.

The guidelines I'ld give:

Definately store the db connection information outside the web-accessible tree

chown/chgrp the file to your web server. Chmod the file to 400. To read the file now they need to be able to both hack the box and assume an arbitrary userid, normally requires hacking root. If they get root, you have worse troubles than a leaked database password.

Choose a good password, (high entropy, good mix of alphanumericas and symbols, long 10+ characters), rotate it often.

Look into if you can use PHP's safe_mode or not, if its restrictions won't break your application, use it...

Monitor your logs, make sure the users who have logins to the production server take security seriously. That they aren't hosting side projects on the server, that they aren't sharing passwords, etc.
Post Reply