Hey,

I've read the "how-to-secure-database-passwords-in-php" which recommends keeping the password in a config file outside of the web root of the application, but what pattern should I use if I want to control "admin" and "read-only" users of my site? When an admin logs in I need to be able to load the admin config password file, and vice versa. I want to use the same domain model for both users. Should I model a 'Role' object and have this manage the password that is used? Or is there a simpler solution? Also, should I create two separate password config files, or bundle both account details into a single file?

Regards,

A: 

Well, there is no single "right" answer for this. It depends on the complexity and scope of your project - but more importantly, it depends on the changing nature of your project.

If you anticipate a lot of changes and additions of different people needing to have admin access or read-only access, then yes, you will need to use your model layer to store and access the passwords. A role object could be useful if you needed to access more granular permissions/privileges in different parts of your app. Otherwise, having a single boolean isAdmin field or an integer/enum in a role field is probably OK.

The only case when it might work to have a user-facing password in a config file is if the admin is accessed rarely, and only by one or two people. Otherwise, you want to treat the passwords as a fully fledged part of your application model.

maetl
A: 

All passwords other than the DB password should be stored in the DB and one-way hashed. It's the simplest, most common method and very secure. And yes, storing the DB password in a config file above the web root is a good idea too.

Sherri
That's not what OP asks.
SilentGhost
Is he talking about different db users?
Sherri
Is it not obvious?
SilentGhost
Are you following me around the site nitpicking? WTF. No it's not obvious, _to me_. It is to you, but gosh, I'm not you.
Sherri
Wow, as a new user I feel so... welcome. :(
Sherri
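An added example, not code from the question or either answer, that puts maetl's Role object together with Sherri's hashed site passwords: one config file outside the web root holds one DB account per role, and the Role decides which account is opened, so admin and read-only sessions share the same domain model but different database privileges. The config path, MySQL account names, the `users` table and PHP 8 syntax are all assumptions.

```php
<?php
// Added example, not code from the question or either answer. Assumptions (all
// hypothetical): PHP 8+, a config file at /etc/myapp/db-credentials.php outside the
// web root and readable only by the web server's user, MySQL accounts 'app_readonly'
// (GRANT SELECT only) and 'app_admin', and a `users` table (username, password_hash, role).
declare(strict_types=1);
// Contents of /etc/myapp/db-credentials.php: one file, one entry per role.
// return [
//   'admin'    => ['dsn' => 'mysql:host=localhost;dbname=app', 'user' => 'app_admin',    'pass' => '<admin secret>'],
//   'readonly' => ['dsn' => 'mysql:host=localhost;dbname=app', 'user' => 'app_readonly', 'pass' => '<readonly secret>'],
// ];

final class Role
{
    public const ADMIN = 'admin';
    public const READONLY = 'readonly';

    public function __construct(private string $name)
    {
        if (!in_array($name, [self::ADMIN, self::READONLY], true)) {
            throw new InvalidArgumentException("Unknown role: $name");
        }
    }

    // The role decides which DB account is used; the rest of the app never
    // sees either password, and a read-only session cannot write.
    public function openConnection(string $configPath = '/etc/myapp/db-credentials.php'): PDO
    {
        $creds = require $configPath;
        $c = $creds[$this->name] ?? throw new RuntimeException("No credentials for role {$this->name}");
        return new PDO($c['dsn'], $c['user'], $c['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    }
}

// Site users (Sherri's answer): password stored as a one-way hash, checked with
// password_verify(); the stored role string alone decides which DB account follows.
function login(PDO $bootstrap, string $username, string $password): ?Role
{
    $stmt = $bootstrap->prepare('SELECT password_hash, role FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // unknown user or wrong password: no role, so no credentials
    }
    return new Role($row['role']);
}
// Usage: authenticate over the least-privileged account, then switch by role.
// $who = login((new Role(Role::READONLY))->openConnection(), $_POST['u'], $_POST['p']);
// $db  = $who?->openConnection(); // admin gets app_admin, everyone else app_readonly
```

Because the login check itself runs over the read-only account, the admin credentials are never read from disk until a password has already been verified against the hash in the `users` table.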