+1  Q: 

database security

I've been reading about database security when it comes to websites. It says an attacker could steal a database and then have as much time as he wants to get all the users' passwords. If an attacker stole the database, why would he need the passwords, as the authentication is done in PHP? He could just access all the users' information without knowing the password. E.g., a forum with password-protected areas. The attacker could try to get the password of a moderator or user with access to the protected area by getting the database (e.g., the attacker could be an employee of the company that hosts the database), and then go to the forum and log in as the user.

Or the attacker could skip that and just look in the table of posts in the hidden area.

Basically, if the attacker had access to the database, why bother with a username and password when you can access that data without needing to authenticate?

(This blog post made me ask the question: http://www.richardlord.net/blog/php-password-security)

+2  A: 

You have an obligation to your users to protect the password as much as possible. That means guarding the database from theft. That also means doing a strong salted hash so that if the attacker does get the database, it'll take a prohibitively long time to extract all of the passwords (it's always possible, but make it not worth their while).

One way is to use a multiple salt hashing system. Basically you use 2 separate salts. One you store with the user that is unique for each user, and one for the entire site stored elsewhere. That way, if they don't get both salts, it's exponentially harder to crack (though still not impossible).

Most users use one or two passwords for all sites. So if your site is compromised, all of their credentials are as well. That's why it's imperative that you make every attempt possible at locking down your systems (including the database, and any sensitive data inside of the database)...

ircmaxell
I understand in terms of protecting the user's password in case it is used on other sites. But I'm talking about the data in my database. Should an attacker download the database, the user's data (their posts on the forum) are stored in plaintext. The user's password is only needed to access the user's data through the web interface. If the attacker has the database, he doesn't need to use the web interface and therefore doesn't need the user's password to access their data in my database.
Jonathan
True, but if they get your database, they more than likely would be able to do a lot worse (after all, how did they get the database in the first place). That's why it's so important to use a firewall. That's why it's so important to use strong passwords and sanitize all input. That's why it's so important to be vigilant and proactive with security. Attackers should never be able to get your database in the first place. And that's the point...
ircmaxell
I know; the most common reason that a person could get a database is if they work in a hosting or backup company. I'm not saying I shouldn't go through all the proper security, just what's the point if someone could get access to the database and skip the security entirely? dportas makes a good point.
Jonathan
If you're worried about that, why not encrypt the partition that MySQL is on? That way, even if someone gets access to the computer, they can't access MySQL's data... The only way they would gain access is if they somehow cracked MySQL itself (or the mysql account on the server, or root)...
ircmaxell
A: 

It depends on what else he could do once he gets a login and password. For instance the web site in question might allow him to order goods in another user's name or to impersonate that user in some other way. In other words obtaining the login credentials allows the intruder to turn a passive attack (reading data) into an active one (performing actions he shouldn't be allowed to).

There is also the problem that users commonly use the same password on multiple sites. So a security compromise in one place may compromise other things too.

For these reasons, passwords should not be stored in a database in readable form. Passwords should always be hashed (not encrypted) using a cryptographically secure hash algorithm.

dportas
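
An added example (not code from the answers above or from the linked blog post) of the two-salt scheme described in the first answer, combined with the hashing advice in the second: `password_hash()` supplies the unique per-user salt, and a site-wide secret kept outside the database is mixed in with an HMAC before hashing. The function names and `$siteSecret` are hypothetical, and the choice of bcrypt and HMAC-SHA256 is an assumption, since the answers name no algorithm.

```php
<?php
// Assumption: in production the site-wide secret is loaded from somewhere a
// database dump does not include (for example an environment variable or a
// config file outside the DB). It is generated inline here only so that the
// script runs on its own.
$siteSecret = random_bytes(32);

function prehash(string $password, string $siteSecret): string
{
    // HMAC keyed with the site-wide secret. The hex output (64 characters)
    // contains no NUL bytes and fits within bcrypt's 72-byte input limit.
    return hash_hmac('sha256', $password, $siteSecret);
}

function hashPassword(string $password, string $siteSecret): string
{
    // password_hash() generates a random per-user salt and embeds it in the
    // returned string; that string is what goes into the users table.
    $options = ['cost' => 12];
    return password_hash(prehash($password, $siteSecret), PASSWORD_BCRYPT, $options);
}

function verifyPassword(string $password, string $stored, string $siteSecret): bool
{
    // password_verify() reads the salt and cost back out of $stored.
    return password_verify(prehash($password, $siteSecret), $stored);
}

// Constructed sample data: two users who chose the same password.
$rowA = hashPassword('hunter2-sample', $siteSecret);
$rowB = hashPassword('hunter2-sample', $siteSecret);

echo "stored value:              $rowA\n";
echo 'same password, same row?   ';
var_dump($rowA === $rowB);   // per-user salts keep identical passwords apart

echo 'correct password, login:   ';
var_dump(verifyPassword('hunter2-sample', $rowA, $siteSecret));

echo 'wrong password, login:     ';
var_dump(verifyPassword('not-the-password', $rowA, $siteSecret));

// Someone holding only the database rows does not have $siteSecret, so even
// the right password cannot be confirmed against the stored value.
echo 'right guess, no secret:    ';
var_dump(verifyPassword('hunter2-sample', $rowA, random_bytes(32)));
```

As the question points out, this protects only the passwords; forum posts and other rows in a stolen database remain readable unless the storage itself is encrypted, as suggested in the comments.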