What's best way to secure a database connection string?

南方客 2021-01-02 05:42

I am writing a set of database-driven applications in PHP. These applications will run on a Linux server as its own user. Other users will likely be on the system at times

3 answers
  • 2021-01-02 06:21

    Here's a link to a free Apache module that helps to manage access to a password store:

    http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm

    It seems a little elaborate to me, and requires you run PHP under mod_php. And still it doesn't address the possibility that unauthorized people who have access to the server can just read your password file.

    I think you have to rely on file permissions, and trust that unauthorized people don't have the ability to sudo to your PHP application UID, or to root.

  • 2021-01-02 06:26

    If the machine really is being administered in the traditional Unix fashion, where J. Random user isn't off su-ing to root all the time, I'd say that filesystem permissions are your best bet. If someone gets unauthorized root access, no amount of encryption silliness is going to "secure" the connection string.

    I'd mark the files w/ the connection string as owned by the "script user" and give them access as you describe.

    (Bravo for realizing that encrypting the connection string doesn't buy you anything, in this example. Security through obscurity is counter-productive.)

  • 2021-01-02 06:32

    My best solution so far has been to store config files in an encrypted partition so that people with direct access to the machine can't pull the passwords off by connecting the drive to another PC, and with file system permissions so people can't read the file from inside the OS itself.

    You need to understand, though, that there's not much you can do against an attacker with direct access to the machine. If it's running the database server itself, then securing the config files won't have much effect if he can modify the database itself. Just make sure that everything is as secure as it can be and you'll probably be okay.

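The file-permission approach the answers above rely on can be checked mechanically before an application loads its connection string. This is an added example, not code from the thread; it assumes GNU `stat` on Linux, and the function name `check_secret_file`, the path and the account in the usage comment are hypothetical.

```shell
# Audit a file that holds a database connection string.
# Usage:  check_secret_file <path> <expected_owner_uid>
#   e.g.  check_secret_file /etc/myapp/db.ini "$(id -u appuser)"   # hypothetical names
# Returns 0 when the file passes every check, 1 otherwise; findings go to stderr.
check_secret_file() {
    local path want_uid rc uid mode dir dmode
    path=$1
    want_uid=$2
    rc=0

    # Reject symlinks and non-regular files: the audit must describe the
    # object the application will actually open.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path is not a regular file (symlinks are rejected)" >&2
        return 1
    fi

    uid=$(stat -c '%u' -- "$path")     # numeric owner
    mode=$(stat -c '%a' -- "$path")    # octal permission bits, e.g. 600

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $path is owned by uid $uid, expected $want_uid" >&2
        rc=1
    fi

    # Any group/other bit lets another local account read or alter the secret.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $path has mode $mode, which grants group/other access" >&2
        rc=1
    fi

    # A directory writable by group/other lets them swap the file out,
    # whatever the file's own mode is.
    dir=$(dirname -- "$path")
    dmode=$(stat -c '%a' -- "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir has mode $dmode (group/other writable)" >&2
        rc=1
    fi

    return $rc
}
```

As the answers note, this only covers other unprivileged accounts: root, or anyone who can become the owning user, passes every check by definition.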