Viewed   286 times

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I'm using a single, minimum-permission login for my application, then the PHP needs to know that login and password somewhere. What is the best way to secure that password? It seems like just writing it in the PHP code isn't a good idea.



Several people misread this as a question about how to store passwords in a database. That is wrong. It is about how to store the password that lets you get to the database.

The usual solution is to move the password out of source-code into a configuration file. Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.

Saturday, September 17, 2022

There is little to be gained from trying to slow down an intruder that already has root access to your system. Even if you manage to hide the credentials well enough to discourage them, they already have access to your system and can wreak havoc in a million ways including modifying the code to do whatever they wish.

Your best bet is to focus on preventing the baddies from ever penetrating your outer defenses, worry about the rest only after you've made sure you did everything you can to keep them at the gates.

Having said that, restricting database user accounts to only a certain subset of privileges is definitely not a bad thing to do if your architecture allows it.

Monday, September 5, 2022

The only risk is if you have the definitions under the document root. In that case, if something goes wrong with your server configuration and people can see your PHP code, the constants (and thus database credentials) will be exposed.

The most secure way (that I know of) is to have the credentials as part of the server environment that is restricted only to root. Then, developers can use _SERVER['db_user'], etc. This is potentially more secure in that the people who have access to the actual DB credentials are more limited. It also gives you the flexibility to use different credentials depending on the server (development vs. production, for example). However, you can see all server environment variables with phpinfo(), var_dump($_SERVER), etc. so you have to take care not to upload such things.

Thursday, August 18, 2022

The problem with encrypting your database is that anything you encrypt cannot be used in a SQL query, and also, it still has to be decrypted before it can be used. This means that you need to place the decryption key in close proximity to the database, and in most cases, if someone can compromise your database, that means they have also compromised your decryption key at the same time. Thus the encryption step has bought you very little. With passwords, no decryption is necessary because it's actually a hash function. You're far better off making sure the database is never compromised in the first place.

Always assume that if a hacker can compromise any portion of your security, they can compromise all of it. Chain is only as strong as its weakest link and all that.

Credit card numbers and social security numbers (which fortunately you don't usually need to index on) are probably the most obvious exception to this, but if you have to ask this question, you've got no business storing those items in the first place. There's all kinds of legal trouble you can get into for messing that stuff up.

Wednesday, October 19, 2022

You can try to put your database credentials in separate file with proper UNIX permissions set, for example 644, and then include this file on top of your script.

The configuration.php file will look like:

define (DB_USER, "mysql_user");
define (DB_PASSWORD, "mysql_password");
define (DB_DATABASE, "database_name");
define (DB_HOST, "localhost");

Your original script will look something like this:

require ("configuration.php");
public class DatabaseConnect
function __construct()
    mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die('Could not connect to MySQL server.');

Sunday, September 18, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :