Currently my database user and its password are pretty easily to guess, eg.
database user: dbadmin
database pwd : super + companyname
What and how to generate a secure a secure database password? Using md5 or sha1??
What are the things that I need to pay attention to secure my database?
I am using php, thanks
You can make a secure password simply by mashing the keyboard:
Z3w947CFqnY39cfo
That's as secure as you possibly need - it's immune to dictionary attacks, and long enough to be immune to brute force attacks.
(Of course you'll need to write it down, unless you have a trick memory, but that's always a compromise with passwords - and presumably it will appear in your application code or config anyway.)
Use some kind of pattern to create a password that is complex, but also possible for you to remember.
E.g. Think of a silly sentence and take the first letter of every word.
"16 Butterflys drew straws to see which 5 should become Caterpillars first."
forms the password "16Bdstsw5sbCf".
That's 13 chars long, contains 3 numbers and some upper case chars. That should be pretty strong, and it's much easier to remember than just a random string.
For even better strength, throw some punctuation in there too.
If what you're looking for is just a secure password generator, there are a number of tools for creating strong passwords. Keepass is one that I use, but you can also look into pwgen, apg, passgen, or others.
To keep the database secure you also need to consider where you're using the username/password combination in your scripts. One technique that I've seen used often is to put the credentials in a separate file and to import them everywhere else they're needed. This way you can put strict access regulations on that one file through your webserver and filesystem security settings.
Security is a layered approach, and the more precautions you take the more resistant your server will be to malicious activity.
If you use phpMyAdmin it has, when you are creating a user, a 'generate password' option. Try that or you could do something like this:
function generatePassword($length) {
// start with a blank password
$password = "";
// define possible characters
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
// set up a counter
$i = 0;
// add random characters to $password until $length is reached
while ($i < $length) {
// pick a random character from the possible ones
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
// we don't want this character if it's already in the password
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
// done!
return $password;
}