Be Clear: This question is not about password encryption/hashing to save into database.
I have developed a PHP application for a client. The application is installed on client machine with XAMPP (placed at htdocs/project_name). Client uses that application locally but the local database is synchronized with remote MYSQL database by Export Report button available on web interface.
My concern is when I store a connection string for remote database in my PHP code the username & password are visible to any guys who can hunt PHP script file and can see it. I don't even wish the client be able to view passwords used for remote connection/synchronization.
How can I achieve this?
You want to give user permission (login data) to connect to the
database but at the same time don't give him permission (login data).
The only thing that is on my mind to store login data corrupted,
and in code decrypt this data with some key hardcoded in the script. This is hackable,
but if the user is not programmed it is unlikely to do this
If you accept Kerckchoff's principle then it is impossible to provide an authentication which is available to a program run by a user without making that token available to the user. If you provided a better description of the problem, specifically the modes of operation you are trying to prevent then we might be able to provide effective solutions (e.g. encapsulating all data access in packages would restrict access to data for specific users).
Related
I am trying to secure a PHP web application which runs out of a WAMP-style local installation.
Currently, passwords for the app's database are just in the .php files. I thought about encrypting them, but any person can just step through the code to decrypt them pretty easily.
This does not run on a web server, it runs on the user's PC. Has anyone here attempted to secure this type of application, and perhaps shipped a compiled program to return the passwords, or perhaps used an external keystore somehow?
Your thoughts are appreciated.
Clarification: The database is also on the local PC.
There are a LOT of very robust external authentication providers out there. Firebase and OAuth to name a few. Technically speaking, no system is 100% hack-proof, but Firebase and OAuth provide would-be hackers a tough road to success
You can use ENV variable in that case make .env file and store password in that and call the same in application.
You can create environment variable in Apache config file and call from there in your application this is more secure.
There is no way to protect a database connection credentials if you are giving the client / user the source code. Basically if your app can access it and the source code is there for them to use, read, parse then they have the same access as the software does.
I'm new to this so please be gentle with me!
I have a PHP login page which connects to a MYSQL table (users) for validation
I need a username and password to initially access the table. eg:
$con = mysqli_connect('localhost','masteruser','masteruserpassword,'users');
Is it safe to keep the username and password coded in the PHP file. I'm thinking it is because the PHP file will never be 'served' only executed.
Any tips please
PHP code is executed on server So no need to worry about this.
Only processed output from the php code is delivered to the client side in form of response in html and js.
It's totally safe. But it will be much better, if you move it to config file
It's safe unless somebody reach your server.
For what it's worth, WordPress works this way. The database access credentials are in plain text in a file called wp-config.php in the installation's root directory. WordPress is probably the most widely deployed MySQL based web app there is. So you should be OK. WordPress seems to be working fine. :-)
BUT: practice defense in depth. Create a special MySQL account for your web app, and restrict its privileges to the MySQL database (or databases) your web app needs. Don't put a MySQL administrative account in there.
Also, make sure that account is restricted so attempts to connect from machines other than your web host will fail.
Thirdly, try to use a MySQL server machine that's behind a firewall, and only accessible to other machines in the same data center.
Finally, keep routine backups.
If you're using a typical commercial shared hosting service they take care of most of this for you (maybe not the backups).
That way, if somebody does manage to crack your server and look at your password, they'll have a hard time making use of it, and if they do make use of it they won't be able to damage much. If they do damage your app, you'll be able to restore it from backup.
I started to develop a web application as a major project for my degree. Purpose of app is not important. My problem is handling the login. I have no problem with setting up login with jQuery mobile, that is actualy working pretty well. Problem is I'm handling login with php script through ajax and creating session in that process. So for checking if user is logged in or not I'd normaly use a php script, but in this case I can't. I need to keep using only client side for authentication. What would be the solution for this? Can I handle authentication with some native jQuery functions or do I need to write some JS scripts? If anyone have any solution please I don't need actual code, just best solution. Thank you
You can achieve this as long as login authentication is restricted to the device. What I mean is that user-id / password combination can be stored locally on the device. You may choose local file system storage for this. Here are the steps:
1) Make user register with uid/password
2) Check uid is existing in your local storage. If not register by writing it to local storage.
3) Later when user returns, validate login credentials against the local store.
I assume you're developing a native app with a mobile web framework. In this case you have two choices:
POST the login details out to a server somewhere, authenticate and return the session, allowing the user access. This will obviously require internet access, but will be more secure.
Store the credentials in local storage using JavaScript when the user signs up. Encrypt this value and compare against it when the user logs in.
I'm developing an online application that will have many outside users. As for now my connection method is to host a centralized database for all users, while they connect from their own server files.
Method:
PHP Connection File (hosted on their server; file provided by me) >> Connects to my MySQL Database
Now obviously I need to provide my database user and pw info, but I know that questions security.
So to my point, how would I provide database access to outside users(different servers) without giving up security.
Or if someone has a better method I'd love to hear it. Thanks!
Create an API in php, sort of webservice with an interface that you define and host this API on your server.
Each user (script that runs on users server and uses your API) needs a personal API key or access code they need to register to the webservice.
Take a look at well known API's like Google maps or something similar. Oh even stackoverflow has one
Create a signup form for users and store their own UserID and Password in a table on your site. Then create a PHP interface for them to upload their files. That way, you need only validate thier own UserID and Password through a HTML/PHP form to allow them to sign in, and your MySQL creds stay safely hidden.
So I am currently building an application that uses PHP as a web service which subsequently talks to the database in which I store my data. I have chosen to take this route because I am going to have a front-end application that will talk to the database and will be distributed and I do not want to contain any sensitive connection data within it. As of right now, here is how my application works:
1) Client-side application packages data as JSON and sends it via AJAX to the external PHP web service.
2) The PHP web service receives the request and validates it. This validation is done by checking that the correct parameters were supplied via the query string, that the JSON string that was passed along is valid JSON, that the properties within the json_decoded JSON object have the same names as the JSON object that I'm expecting, and that the value types of each property are of the correct type of the JSON object that I'm expecting.
3) If the JSON is valid then the PHP connects to a database and calls the stored procedure that corresponds with the input parameters. The connection data is kept in a separate config.php file and included in the web service.
4) If the database call succeeds, any relevant data is returned to the caller via JSON. Any errors that occur will kill the thread and return an error to the client.
Now, with this architecture, are there any screaming vulnerabilities that anyone sees? In order to better protect the connection data (as that is primarily what I would like to keep hidden from users) I am thinking about doing the following:
-Encoding the data in the config.php in a base of my choosing and then decoding it when connecting to the database.
-Obfuscating both the service and the config files.
Does this sound like enough in terms of protecting my connection values? Is there a better way to store sensitive connection data aside from a config.php file? Is there a way for somebody to easily get access to the .php file that contains the sensitive data? Any advice that you all can give me as to how to further secure this application from attacks would be greatly appreciated.
Best regards,
You could use the PHP OpenSSL libraries to encrypt sensitive data in your configuration files (rather than using security through obscurity). First use OpenSSL to generate a PKCS #12 certificate, then create a PHP page that uses the OpenSSL libraries to import that certificate and encrypt a section, or the whole, configuration file. Then from your PHP code that connects to the database, import that certificate again, and decrypt your sensitive configuration data, then use it to connect to the database. Depending on the size of the data you want to encrypt you may have to envelope the data with AES, then use the RSA keys to encrypt the AES key. This is getting a little complicated for everyone to implement themselves, I think I'm going to write a library for this, thanks for the idea.
Other than that, seems like you have some pretty good security.
From a server point of view...
If your database is on a separate server (which I'd recommend) - lock down the firewall to only accept requests from your web server.
You'd basically only allow access on port 3306 from the IP of your web server. If you're using something like Amazon Web Services this config is really easy to setup.
That way even if someone got the login credentials you'd have another barrier to entry.
Also, I'd make sure you're not on shared hosting, get a decent dedicated server for the web server with a reputable hosting provider that has a good SLA.