tags:

views:

283

answers:

8
+2  Q: 

how do I encrypt and then decrypt the text of username and password used in database class file

Hello everybody,

I have created a class file database.php which handles all the sql queries and connecting to database. I store username and password for the database in a variable (which is easily seen if one gains access to the php file).

I want to encrypt that username and password so that even after having that php file one is not able to have an idea of the original username and password.

Please help me as I am in need of some idea desperately.

Thanks

+1  A: 

Sorry I had misinterpreted the question to begin with..

If you are using a username and password for your script to access the DB, then obviously you need to store this somewhere to begin with (in your script).

The only way I can think of would be to obfuscate the password in your source and do some manipulation to get the correct value. But this just seems like overkill, as if someone has access to the source already then more than likely they can figure the rest out..

EDIT: Why not store the username/password in a local file on the server, then only give read access to PHP? At least that way it is not directly viewable in your source code.

James  2009-12-22 11:49:41
+1  A: 

If someone has access to your source, then they have all of the means necessary to connect to the database, regardless of how you store your password. After all, the PHP interpreter eventually needs to know what the actual password is, and anyone who can see the source can do exactly what the PHP interpreter would, thus acquiring the password.

Instead, you need to find a way to control who has access to your source.

Amber  2009-12-22 11:50:05
Correct, but the issue here is that the password should not be stored in plain text so that automated password stealing scripts are not able to access the database. I think they do not intend to hide the password from an intelligent human. They just need to hide it from the script. In fact, I have the same problem.
Vinayak  2009-12-22 11:55:32
Why are automated password stealing scripts looking at your source code?
Amber  2009-12-22 11:57:53
It can happen when the virus has been uploaded along with your application's source code.
Gaurav Sharma  2009-12-22 12:04:22
If viruses are being uploaded to your production machines, you have far greater issues than a single password.
Amber  2009-12-22 12:10:29
But if a virus is on your development machine, and then on your server, it won't really need to know your database password, as it can just read the data from the database directly (if it's in PHP), otherwise it can do a bunch of other things which result in the same thing - a compromised server.
Daemin  2009-12-22 12:11:46
+4  A: 

This can hardly be done. You need the password in a decryptable form to send it to the database. Any such form will in some way be readable by a person who gains access to the .php file.

The common sense approach is to keep the configuration files outside the we broot as a basic security measure, and prevent outside attacks through properly securing the server. Hundreds of thousands of web sites run that way, without additionally encrypting their sensitive data in the way you describe.

Pekka  2009-12-22 11:51:18
+3  A: 

I'd hate to break it for you, but if someone has access to your source files for your site then it's already game over. They will be able to insert code into them to just scrape the data needed, or more likely get the code to install a trojan onto your visitors computers. It's best that you spend the time and engineering effort locking down your servers and development machines so that a perpetrator can't get in. Also having a good disaster recovery plan is a necessity.

Daemin  2009-12-22 11:51:42
+1  A: 

There's no way of encrypting something so that only MySQL can decrypt it. You need to provide MySQL with that plain-text password sooner or later.

Idea
Set the file permissions on database.php as low as possible. If you have this:

 rw-rw-r-- gaurav gaurav       database.php

Then maybe set it like this (assuming your php-processes are running under www-data)

 r-------- www-data www-data   database.php
0scar  2009-12-22 12:38:31
+1  A: 

I assume you are distributing the code somehow, or that you don't trust your own host environment.

There are ways of encrypting PHP source but they have varying levels of complexity and cost. Some require additional (decryption) software to be installed on the host server, which may or may not be an option that you can have.

Have a look at this article for some further info on a number of PHP encryption tools.

nealkernohan  2009-12-22 12:47:36
+1  A: 

If (and only if) your intention is to stop showing the username+password to people who have access to the source, it could be done. It's not too convenient however, and consists of these steps:

One-off:

  • put your username and password into a strongly-encrypted file (e.g. AES with a long,strong key) and set its permissions accordingly

On every boot:

  • on server start, decrypt the file, manually entering the file's password, and use some long-running process as a temporary storage
  • now that you have the username+password stored in memory, erase the decrypted version of the file.

In your scripts:

  • request the username+password from your temp storage
  • connect to database
  • remove the username+pw from your script's variables

Note: all this means that the password cannot be recovered by looking at the source code. Those who can modify and run scripts on your server are in the same position as before - "request password, print it out", instead of just "print it out". Another disadvantage is that you now have to enter the decryption password on every server restart.

Piskvor  2009-12-22 12:48:22
A: 

When storing a password you ALWAYS use one-way hashing, preferably SHA-256 (because MD5 isn't secure) to store the password. And when you want to compare the password, simply SHA-256 hash the attempted password and see if the hashes are the same.

Encrypted passwords are simply not secure, if there's a way to get the raw text password out of the garble, your security is flawed.

PS: And yes any website that can email you your password is flawed.

TravisO  2009-12-22 12:50:30
If you're going to disagree with a well written answer, point out why it's wrong. My advice is solid, and mandatory the US's PCI security requirements and HIPPA which are federal mandates.
TravisO  2009-12-22 22:13:24
TravisO: This is not about website user passwords (where your advice would be completely correct), but database connection password. When the website script is connecting to a database server, the db server asks for a username and password. Now, how do you provide these from your script, if you don't have them (because you only have the hashes)?
Piskvor  2009-12-23 10:37:08

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases