How can I store password securely in MySQL and authenticate to external services

不知归路 2021-01-07 02:49

Currently I have a PHP script that connects to a mail server via IMAP and parses new emails to MySQL. Credentials to connect to the mail server are stored in MySQL using plain

4 Answers
  •  挽巷 (original poster)
    2021-01-07 03:21

    The point of hashing passwords is to ensure privacy & confidentiality for the end user in case the database gets hacked. Obviously you can't use hash functions because your script needs to read back the IMAP password, so you should encrypt it with some symmetric crypt function (e.g. AES, Blowfish, 3DES and such). Now you're facing the problem of where to store the symmetric key material: storing it in the same database is completely dumb 'cos hacking the database would mean reading the key. You could hard-code the key material inside the script or in an external txt file: now the hacker would have to compromise both the MySQL server AND the web domain to retrieve the IMAP password, and that's the maximum security level you can reach with a standard PHP+MySQL general purpose domain.
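
One way to do what this answer describes, as an added example that is not part of the original answer: AES-256-GCM through PHP's OpenSSL extension, with the key read from a file kept outside the database. The key file path, the function names and the `account:42` row label are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Assumption: a base64-encoded 32-byte key in a file outside the web root and
// outside the database (placeholder path), readable only by the PHP user.
const KEY_FILE = '/etc/mailparser/imap.key';

function loadKey(string $path = KEY_FILE): string
{
    $raw = file_get_contents($path);
    $key = $raw === false ? false : base64_decode(trim($raw), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('Key file missing or not a 32-byte base64 key');
    }
    return $key;
}

// Returns base64(nonce || tag || ciphertext) for a VARCHAR/TEXT column.
// $aad ties the value to its row, so a ciphertext moved to another row fails to decrypt.
function encryptSecret(string $plaintext, string $key, string $aad): string
{
    $nonce = random_bytes(12); // fresh 96-bit nonce for every encryption
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decryptSecret(string $stored, string $key, string $aad): string
{
    $bin = base64_decode($stored, true);
    if ($bin === false || strlen($bin) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('Malformed stored value');
    }
    [$nonce, $tag, $ct] = [substr($bin, 0, 12), substr($bin, 12, 16), substr($bin, 28)];
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($pt === false) { // wrong key, wrong row label, or modified data
        throw new RuntimeException('Decryption failed');
    }
    return $pt;
}

// Constructed demo: a throwaway key stands in for loadKey() so the script runs anywhere.
$key = random_bytes(32);
$stored = encryptSecret('imap-password-example', $key, 'account:42');
var_dump(decryptSecret($stored, $key, 'account:42') === 'imap-password-example');
```

Only the value returned by `encryptSecret()` goes into MySQL; the key file stays on the application host with permissions limited to the account that runs the script.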
