Is it safe to store plaintext passwords in MySQL *temporarily*?

浪子不回头ぞ 提交于 2019-12-08 19:14:07

问题


A little bit of background --

I run a game server that runs in Java, and a forum that runs in PHP (phpbb). I have the game and forum accounts linked, such that changing the password in the game automatically changes the password for the forum account. The two systems use different password hashing algorithms, and I need to update the password hash on the forum side by using phpbb's built-in functions, meaning I have to call them from a PHP script (rather than running my own code).

In order to do this, I decided to have Java call the PHP script by making an HTTP request to the PHP script whenever the password needs to be changed, to trigger a PHP script that completes the password-changing process for the forum account. However, I don't want to put the plaintext password in any HTTP call, since it might show up in log files and maybe other exploitable areas. My current idea is that when the Java side is changing passwords, it puts the new plaintext password in a database table, and then makes an HTTP request to trigger the PHP script, such that no hashes or sensitive information goes into the HTTP request. The HTTP call would only pass the username of the account to be changed, and a md5 hash of a shared secret plus the username, for authentication. When the PHP script runs, it retrieves the new plaintext password for the user from the database, immediately deletes it, then runs the plaintext password through phpbb's hashing algorithm and updates the forum database.

Under typical conditions, the plaintext password would probably be in the database for less than a second before it is deleted. Ideally, I wouldn't be storing it anywhere at all, but I am not sure how else to communicate the needed change from Java to PHP when I can't predict what the forum's password hash will be, so I need to somehow send the plaintext password to the PHP script that does the hashing.

Any ideas on a better way to do this, or is there any feedback on storing the plaintext password for a very short period of time? I consider the MySQL login to be secure and is not shared with other people or projects.

Thanks!


回答1:


Encryption is the way.

  • Encrypted connection: Synonym for HTTPS. Pass the data to phpbb using HTTPS, if your server supports it.
  • Encrypted data: either encrypt the password and somehow store the key (very insecure), or use asymmetric encryption. See the answer to my question for a good insight of how to send the password over a secure channel.



回答2:


Don't store plaintext passwords. If your game becomes popular, it might be a target to constant attacks of hackers especially if it will contain a monetary aspect (i.e - the case of world of warcraft, travian and others). In this case, you will need to assume that although you attempt to protect your system, Someone might hack it, and as a result get sensitive data. You should use standard encryption mechanisms in order to perform this task (i.e - send the password to forum system via HTTPS for example, in a secure way). I would also recommend you to explore the comment of @Joshua Kaiser - single sign on may be the key to answer your needs, and don't try to reinvent the wheel here. I can tell you I Work with kerberos for example, and Kerberos has a ticket mechanism in which the tickets can be re-used among applications. Unfortunately I dont know PHP, and don't know how pluggable the forum framework to use different authentication modules.

P.S - I posted this answer twice by mistake, and tried pressing "delete post" - I hope stackoerflow takes care of that.




回答3:


It depends on the database that you're using with Java more than PHP. In PHP use PDO to connect to the different database and manipulate the data. You might try simply having one DB as the primary password storage and the other as salve - depending on reverse encryption mind you.

Have PHP (For example) PDO the text password directly into the Java db in a temp field - specific to the user of course - and then tell PHP to trigger a Java Function to read that column, hash it, update the correct column and delete the temp field.

If done properly, you could have the time-frame of vulnerability limited to a few milliseconds.



来源:https://stackoverflow.com/questions/13486126/is-it-safe-to-store-plaintext-passwords-in-mysql-temporarily

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!