发表新帖
发表新帖

How to secure database passwords in PHP?

后端 未结
关注
16 1111
闹比i
闹比i 2020-11-21 22:41

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I\'m using a single, minimum-permission login for my applica

相关标签:
16条回答
  • 走了就别回头了
    2020-11-21 23:19

    If you're hosting on someone else's server and don't have access outside your webroot, you can always put your password and/or database connection in a file and then lock the file using a .htaccess:

    <files mypasswdfile>
order allow,deny
deny from all
</files>
    0 讨论(0)
  • 星月不相逢
    2020-11-21 23:20

    The most secure way is to not have the information specified in your PHP code at all.

    If you're using Apache that means to set the connection details in your httpd.conf or virtual hosts file file. If you do that you can call mysql_connect() with no parameters, which means PHP will never ever output your information.

    This is how you specify these values in those files:

    php_value mysql.default.user      myusername
php_value mysql.default.password  mypassword
php_value mysql.default.host      server

    Then you open your mysql connection like this:

    <?php
$db = mysqli_connect();

    Or like this:

    <?php
$db = mysqli_connect(ini_get("mysql.default.user"),
                     ini_get("mysql.default.password"),
                     ini_get("mysql.default.host"));
    0 讨论(0)
  • 情歌与酒
    2020-11-21 23:23

    For extremely secure systems we encrypt the database password in a configuration file (which itself is secured by the system administrator). On application/server startup the application then prompts the system administrator for the decryption key. The database password is then read from the config file, decrypted, and stored in memory for future use. Still not 100% secure since it is stored in memory decrypted, but you have to call it 'secure enough' at some point!

    0 讨论(0)
  • 春和景丽
    2020-11-21 23:23

    Just putting it into a config file somewhere is the way it's usually done. Just make sure you:

    1. disallow database access from any servers outside your network,
    2. take care not to accidentally show the password to users (in an error message, or through PHP files accidentally being served as HTML, etcetera.)
    0 讨论(0)
  • 悲哀的现实
    2020-11-21 23:27

    Best way is to not store the password at all!
    For instance, if you're on a Windows system, and connecting to SQL Server, you can use Integrated Authentication to connect to the database without a password, using the current process's identity.

    If you do need to connect with a password, first encrypt it, using strong encryption (e.g. using AES-256, and then protect the encryption key, or using asymmetric encryption and have the OS protect the cert), and then store it in a configuration file (outside of the web directory) with strong ACLs.

    0 讨论(0)
  • 悲&欢浪女
    2020-11-21 23:33

    An additional trick is to use a PHP separate configuration file that looks like that :

    <?php exit() ?>

[...]

Plain text data including password

    This does not prevent you from setting access rules properly. But in the case your web site is hacked, a "require" or an "include" will just exit the script at the first line so it's even harder to get the data.

    Nevertheless, do not ever let configuration files in a directory that can be accessed through the web. You should have a "Web" folder containing your controler code, css, pictures and js. That's all. Anything else goes in offline folders.

    0 讨论(0)
 看不清?
提交回复
热议问题