I am making a web application and i want it to be secure, so i ll be using SSL and, will hash passwords. But my server is managed by a different company and it's a shared hosting server, they have direct access to database. I want to prevent any possible loss of sensitive information so i am thinking about encrypting all the data in the database.
Is this a good way to keep data secure?
are there any other ways to protect data in database?
I am using PHP, MYSQL, Apache, and Linux
please provide details. also if am thinking in the wrong direction pls tell that too.
Thanks in advance
This is not a big privacy issue
The internet is composed of some few websites / web applications using self hosted solutions with fully personal servers (owned and operated in their own NOC).
Everyone else is using some form or another of shared, virtualized, semi-private, semi-dedicated, collocated hosting. In every case the hosting company has full access to everything, they have physical access to the servers -- no amount of protection can help you there.
Shared hosting might be the easiest to access from the hosting company's perspective. But that's not relevant, their policies should prevent them from operating in bad faith because if they wouldn't it wouldn't really matter if it was the easiest or the hardest to access it would only matter how interesting the data you have is to them (or some random employee of theirs).
Finding a solution to the above non-issue
Some approaches might use:
Mounting an encrypted filesystem as a folder and setting up MySQL to use that folder to store its data;
MySQL encryption functions to encrypt the data in a particular cell or column;
a library on top of SQLite that had an encryption feature which would encrypt the entire database file;
On the other hand if your PHP files would be on the same server and the database decryption password would be stored inside your PHP files, any "intruder" could find it and use it if they wanted it.
You'd have to store the password on a different server or obtain it from the user in order to not have it present inside the local PHP files. This would obviously still be available at runtime; if the "intruder" is a programmer he will be able to retrieve it fairly easily.
Related
Say, I want to have code and db backups? Where should I store them so that if a hacker hacked my site and have access to php and mysql I could restore them. Local server does not fit. Considering third-party services (DB, Google drive) a hacker would have success to them in case he hackes a server. If you could suggest where to store third-party API credential so that a hacker could not access them I would appreciate that.
But beside that is there a way to make and store backups by a server in a safe place (so that hacker could not get them)? As I see the only way is to make backups by outer services: from another server. I could do it from my computer. But it is a wrong solution. After I finished a project I should not have access to it. And in general It is not the best solution to rely on my computer at all.
I could not find anything worth in the internet. Is there a way to securely manage backups only from a (one) working server?
I'm new to this so please be gentle with me!
I have a PHP login page which connects to a MYSQL table (users) for validation
I need a username and password to initially access the table. eg:
$con = mysqli_connect('localhost','masteruser','masteruserpassword,'users');
Is it safe to keep the username and password coded in the PHP file. I'm thinking it is because the PHP file will never be 'served' only executed.
Any tips please
PHP code is executed on server So no need to worry about this.
Only processed output from the php code is delivered to the client side in form of response in html and js.
It's totally safe. But it will be much better, if you move it to config file
It's safe unless somebody reach your server.
For what it's worth, WordPress works this way. The database access credentials are in plain text in a file called wp-config.php in the installation's root directory. WordPress is probably the most widely deployed MySQL based web app there is. So you should be OK. WordPress seems to be working fine. :-)
BUT: practice defense in depth. Create a special MySQL account for your web app, and restrict its privileges to the MySQL database (or databases) your web app needs. Don't put a MySQL administrative account in there.
Also, make sure that account is restricted so attempts to connect from machines other than your web host will fail.
Thirdly, try to use a MySQL server machine that's behind a firewall, and only accessible to other machines in the same data center.
Finally, keep routine backups.
If you're using a typical commercial shared hosting service they take care of most of this for you (maybe not the backups).
That way, if somebody does manage to crack your server and look at your password, they'll have a hard time making use of it, and if they do make use of it they won't be able to damage much. If they do damage your app, you'll be able to restore it from backup.
I am developing a small application that is going to serve as viewer (sort of dashboard) for a web application that uses MySQL as back end database. The application will only be doing SELECT’s, no INSERT’s or UPDATE’s or anything that changes the data. I know that the preferred way to architect this application would be to create a web service that has access to the database and then have the client app call the web service. This way you can really secure you MySQL database allowing only localhost access.
On the other hand, having a web service raises the complexity and resources needed for the application a lot. I not only have to write the process twice, I have to write two sets of test suites plus integration tests, and since the client is written in .net c# and the back end in php I have to develop some kind of interchange format and keep switching between two languages and IDEs throughout the development process.
I am probably going to write the service, but what I wanted to know is what the experience out there has been? Am I crazy just to consider accessing MySQL directly from a client or the fine engineers at Oracle have done a decent job securing their database, at least for users with only read rights.
If you use direct access to your mysql database just to select tables, you will need users that only have the right permission access to ensure the access security.
But you need to keep in mind that if you open the database port for external access, any security failure from your database will be exposed.
If you need other rules for example an specificity select that only select the group access from an user, you will need to write procedures in your database that read parans, and keep in mind that if some user exploit your application, he will be able to pass other parans for consulting your database.
No only oracle or mysql, all databases have lot of security options to give external access, but to use for complex applications is even more difficult than make a service layer to ensure the security access.
And you don't have crypt communication in the direct SQL query consulting as default.
Just make sure the user it accsesses the database from doesn't have permission to do anything it doesn't need to do such as drop tables.
a user with read only rights should do the trick
I have a website developed in PHP. There are 2 classes (in 2 seperate php files) that contain the siteadmin's gmail user id and password (in plain text) and database password (again in plain text). Though none of these classes are displayed on the browser ( like index.php). These files contain only php classes and no html code and the references to those plain text passwords is only through objects of those classes.
Off late, I have started to wonder if this is secure enough? I have tried my best (acting as a malicious person) to try and read the contents of the two said php files but was not able to do so. I am not very conversant with developing secure code, so not sure what should be my approach to make sure that these passwords never get exposed.
Could any one please suggest best practices to develop php code that can contain such sensitive information securely.
Put configurable items in a separate configuration file, above your public web directory
Make sure you have set correct file permissions to your files
Check your web application for local (and remote) file inclusion
Have your server up-to-date
Having your passwords at a safe spot is not the complete solution, you'll need to have your complete PHP application secure, and nobody unauthorized should be able to get root/administrator access to the server.
Firstly, I'd look at using OAuth for accessing GMail if at all possible - it means you don't have to store credentials at all, and provides some level of protection in case your server does get compromised.
I would also look at the answers to this question.
Finally, if your site is on the public internet, it's worth reading up on at least the basics of internet security, and especially securing web applications. There are all sorts of ways things can go wrong. I like the "hacking exposed" books.
Don't store passwords in files, because someone will eventually check that file into source control. Or someone will set a permission incorrectly.
Run the application with its own O/S user account
Put the passwords in an O/S environment variable for the application user (not a system environment variable)
What is the best way to secure an intranet website developed using PHP from outside attacks?
That's a stunningly thought-provoking question, and I'm surprised that you haven't received better answers.
Summary
Everything you would do for an external-facing application, and then some.
Thought Process
If I'm understanding you correctly, then you are asking a question which very few developers are asking themselves. Most companies have poor defence in depth, and once an attacker is in, he's in. Clearly you want to take it up a level.
So, what kind of attack are we thinking about?
If I'm the attacker and I'm attacking your intranet application, then I must have got access to your network somehow. This may not be as difficult as it sounds - I might try spearphishing (targetting email to individuals in your organisation, containing either malware attachements or links to sites which install malware) to get a trojan installed on an internal machine.
Once I've done this (and got control of an internal PC), I'll try all the same attacks I would try against any internet application.
However, that's not the end of the story. I've got more options: if I've got one of your user's PCs, then I might well be able to use a keylogger to gather usernames and passwords, as well as watching all your email for names and phone numbers.
Armed with these, I may be able to log into your application directly. I may even learn an admin username/password. Even if I don't, a list of names and phone numbers along with a feel for company lingo gives me a decent shot at socially engineering my way into wider access within your company.
Recommendations
First and foremost, before all technical solutions: TRAIN YOUR USERS IN SECURITY
The common answers to securing a web app:
Use multi-factor authentication
e.g. username/password and some kind of pseudo-random number gadget.
Sanitise all your input.
to protect against cross-site scripting and SQL injection.
Use SSL (otherwise known as HTTPS).
this is a pain to set up (EDIT: actually that's improving), but it makes for much better security.
Adhere to the principals of "Segregation of Duties" and "Least Priviledge"
In other words, by ensuring that all users have only the permissions they need to do their jobs (and nobody else's jobs) you make sure they have the absolute minimum ability to do damage.
If it is on an internal network, why is it even possible to get to the app from the outside? Firewall rules should be in place at the very least.
The best way? Disable direct external access!
If employees need to use it (like an extranet-style site), you should make them VPN in. Through VPN you have a lot more authentication options and most of them are a great deal more secure than leaving your intranet server accessible from the internet.
Another option, and this only works if the data is public-safe, is scheduling your intranet server to push the data to another server that is externally accessible. I say push because you really don't want this server to have access to your network. Let your network server do the work.
The best way to secure it? Don't connect it to a network. Make your users physically enter a guarded room with a single console, running Mosaic.
Oh, you want it to be easy to use?
Always verify every single input that can come from an untrusted source.
Don't trust any data sources.
When storing passwords, ALWAYS store an encrypted hash of the password.
When storing passwords, NEVER store passwords directly.
Never collect or store any data that you don't actually need.
Never allow yourself to be tempted into adding additional bells & whistles.
Read everything that Bruce Schneier has written on security and encryption.
If you forget these simple rules, you could find your application starring on the front pages of newspapers everywhere, just like Yahoo mail.
I would echo #Oli and favour the VPN method if possible. However, if for any reason you need more arbitrary access than this, you should use SSL to secure any authentication. And in addition to password authentication / IP address authentication it would be well worth looking at using SSL with client side certificates.
You could only allow access from internal IPs from the php app itself. Also dont ignore the usual security and best practices. Input validation and output encoding(whitelisting only), user accounts with hashed passwords etc.