1

When using:

    $con = mysql_connect('localhost','user','password');

I have read about the benefits of storing the password part elsewhere (https://stackoverflow.com/a/3354457/1704651).

I'm fairly new to PHP and want to know if my method of storing MySQL passwords is secure:

  1. Step one, choose a lengthy MySQL Database Password (https://www.random.org/passwords/?num=1&len=24&format=html&rnd=new)
  2. Step two, put this in /outsidewebroot/salt.php (my actual salt is longer)

    <?php $salt = 'sdcjbdt8veADJbyuQxsfJtYeW7tC5'; ?>
  3. Step three, encode password using a temporary PHP file (which is deleted after use):

    // $salt comes from /outsidewebroot/salt.php
    $decrypted = "my decrypted MySQL password";
    $key = $salt;
    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $decrypted, MCRYPT_MODE_CBC, md5(md5($key))));
    var_dump($encrypted);
  4. Step four, put this code in .htaccess

    SetEnv encrypted-password i3NOByNkztBtEbJ8LJMt2GbX9VjMzO2MTYtBXsxyYVI= 
  5. Step five, put this code where you need to connect to your database:

    require_once("../../outside-webroot/salt.php");
    $key = $salt;
    // Read the value that SetEnv placed in the environment via .htaccess
    $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode(getenv('encrypted-password')), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
    $con = mysql_connect('localhost','user',$decrypted);

The salt in /outsidewebroot/salt.php is the same one that I use for hashing passwords in my database so I only have to include it once for two uses.

The encrypt/decrypt method I saw here: http://ideone.com/yQIAX

I have also seen this method: https://stackoverflow.com/a/3354457/1704651 using a hash instead of the encrypt/decrypt method.

Thank you for your feedback on my method.

  • One of the first ways to secure it is to connect to the MySQL db with mysqli or PDO with prepared statements. You want to stop injection from happening. Commented Sep 30, 2012 at 14:23
  • Instead of putting a lot of effort in the encryption of the mysql password, you should put that effort in making your site secure. I have no problem giving you the IP and mysql password of my site! Commented Sep 30, 2012 at 14:28
  • JvdBerg, I'm quite new to this! How have you protected your database? Do you have a link? Kind regards, Commented Sep 30, 2012 at 14:49
  • (Also, I did not know about mysqli or PDO, as the mysql_connect() command was the first that I read about. Thanks Moe Tsao) Commented Sep 30, 2012 at 15:06

2 Answers

1

No. If someone can get your files or run programs it's game over:

  1. If your web directory is writable, I can simply add a line echo $decrypted; above that mysql_connect() and get the password.
  2. I can copy your files down and edit them there.

Security is a process that you go through, not some library you can link into your program.

  • You should store the configuration in the php.ini file so that your program need only mysql_connect() (with no arguments). This is a good idea because it may be easier for an attacker to convince your system to print out source code and web-accessible files than print arbitrary files on your system.

  • On Unixish systems like OSX and Linux, you should make sure you're using unix domain sockets which do not expose your MySQL server to the Internet; someone cannot connect to your MySQL server if it is not on the Internet. This provides some further protection against the "get your files" attack.

  • Take care to not permit your web users to create php files (or anything else executable). This provides some protection against the "run programs" attack.

  • If I can upload/edit your files, I can do anything they can do, so you should also be careful about your GRANT statements that you put in your MySQL server: If only the administrator needs to do certain INSERT or DELETE to certain tables, consider running the admin scripts as a separate web-user with separate rights. If your scripts cannot delete all your data, then I as an attacker cannot either.
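
The php.ini, unix-socket and GRANT advice above, combined with the prepared statements suggested in the first comment, as an added example that is not part of the original answer. It uses mysqli in place of the answer's mysql_connect(); the database `shop`, table `orders`, account `app_web` and the socket path are hypothetical names chosen for illustration.

```php
<?php
// Assumed php.ini entries (file outside the web root; values are placeholders):
//   mysqli.default_host   = localhost
//   mysqli.default_socket = /var/run/mysqld/mysqld.sock
//   mysqli.default_user   = app_web
//   mysqli.default_pw     = <long random password>
// Assumed least-privilege account for the public site (hypothetical names):
//   GRANT SELECT ON shop.orders TO 'app_web'@'localhost';

// Throw exceptions instead of emitting warnings that could reach the browser.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function db_connect(string $database): mysqli
{
    // Fail closed if the deployment is missing the ini settings.
    foreach (['mysqli.default_user', 'mysqli.default_pw', 'mysqli.default_socket'] as $key) {
        if ((string) ini_get($key) === '') {
            throw new RuntimeException("$key is not configured in php.ini");
        }
    }
    // null arguments fall back to the mysqli.default_* values, so no
    // credential appears in any file under the web root.
    $db = new mysqli(null, null, null, $database);
    $db->set_charset('utf8mb4');
    return $db;
}

function orders_for_customer(mysqli $db, int $customerId): array
{
    // Prepared statement: the value travels separately from the SQL text.
    $stmt = $db->prepare('SELECT id, total FROM orders WHERE customer_id = ?');
    $stmt->bind_param('i', $customerId);
    $stmt->execute();
    $stmt->bind_result($id, $total);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'total' => $total];
    }
    return $rows;
}

try {
    $db = db_connect('shop');
    $orders = orders_for_customer($db, 42);
} catch (Throwable $e) {
    error_log('database error: ' . $e->getMessage()); // log it, never echo it
    http_response_code(500);
    exit;
}
```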


1

The first rule of security is that if you're not certain you're secure, then you probably aren't.

The next version of PHP (v5.5) will have a set of functions built-in that provide standardised password hashing. Once this version is released, that will be the only recommended way to handle passwords.

In the meanwhile, you can download a compatibility library that implements the same functions for current PHP versions. Download it from here: https://github.com/ircmaxell/password_compat

See also: http://www.h-online.com/open/news/item/PHP-5-5-should-reduce-password-sloppiness-1707835.html for reference.
