I have a config.php file for my website that I store outside of the publicly accessible web directory and it contains my password information for a gmail account I use to send mail for the site and my database connection credentials. I don't like the idea of saving the password as a plaintext variable and was looking for some way to have this data more securely saved. Beyond blocking read access to the directory from users other than me, what can I do to secure this information?
You will end up saving in plain text most of the time. Say for example you want to encrypt, then the key to decrypt will have to saved in plain text etc etc. So better off making sure your server is secure.
Depends from what you are trying to protect.
Keeping your file outside the htdocs (webroot directory) is generally a good idea so that the file can't be called explicitly from outside. (I.E directing the browser to it).
If you want to protect the $var from within your code (i.e. third party malicious code) you can always unset the variables after they are consumed, although I don't know if that makes much difference.
If you want to protect the file from someone that might "hack" into your server, there isn't much you can do. You can always set the file permissions so that only www-data (your apache user) can read it but if someone gains root access to your machine, you are pretty much screwed.
Anyways, if your server is safe (no root access remotely or only through shh with public/private keys, you don't access your server from public PCs, etc...), you don't use third party code without inspecting it first and you store the pass file outside webroot directory, I think you're as safe as you can be.
Related
I am using SQL in my app so i have created php site to manege it.
the problem is that the password required in mysqli_connect is the password to the main server (all the file maneger,mysql,etc).
what is the best way to secure my password (sending it from the app or wirte it down explicitly in the php source file).
Other suggestions?
There are many ways, but in general: put it in a file that is outside of the webroot, or a file that is otherwise unreadable from the outside. ie. a PHP file that gets executed will not expose it's source.
If you're using Apache you can store it in a file named .htsomething because Apache, by default, blocks access to any file starting with .ht*
You can store it in a file named secret.txt and block access to it by added an .htaccess RewriteRule.
For my projects I store settings in a JSON file that is outside of the webroot. One major advantage of this approach is that other applications, like a deploy or monitor tool, can read and easily generate this settings file. And it's also clean, you can't do any programming in JSON.
First up: Make a new account for your application with only the privileges required for your app!
Second: Put the in a file somewhere on your system locked down as best as possible. There are things you can do to obfuscate the password further, but in the end you will end up with a plaintext something which can be used to work your way back to the database credentials. So to be clear:
Use a database account with minimum privledges needed to run the app.
Manage security to the config file holding the password as best as possible (only the user running the service and admin should have access), keep it outside the webroot.
Just refreshed the other answer - the advice by #FritsVanCampen is also dead on.
I know that the question How do I secure my database connection credentials? has been asked and answered multiple times (e.g. How to secure database passwords in PHP?).
A commonly accepted answer to that question is to store the details outside of the web root. But I'm curious as to why this really makes much difference.
From what I understand, a person cannot download the source of the PHP file via HTTP (unless your web sever is not configured properly, but you would know about that right away). So you won't be able to see the credentials unless you have access to the source of the PHP file anyways. Correct me if I'm wrong, but doesn't this basically mean that you would need shell access? And if you have shell access, can't you just get to the file outside the web root anyways?
If the answer to that question is that the include file might have special permissions that don't allow anyone but the web server user to read it, then (considering that I have shell access), couldn't I just write (or modify) any PHP file to just echo out those credentials?
So the question is, does it really make any difference whether you store the credentials directly in the PHP script vs. in a file outside the web root?
Suppose, due to a error in the webserver, the webserver no longer processes php files, but treats them as html files.
In that case something like http://mysite.com/config.php would simple reveal the credentials of your database.
So the answer is: Yes, it does really matter, where and how you store the database credentials.
The main issue is that the web server might break down later on. E.g. after a software update php might not work properly anymore and the server falls back to delivering the files directly. Or again after a software update the configuration might be reset, so PHP is no longer registered for the file extension. Or the server breaks down under heavy load and also starts delivering files plainly.
Many things can happen and it's rather easy to mess up the config at some point. Better be safe and keep it outside the document root.
Create an O/S user for your application, such as 'UserForMyApp'
For that user, create an O/S user environment variable 'MY_APP_DATABASE_PASSWORD', and set the value
Run your app as 'UserForMyApp'
In MyApp, read the O/S user environment variable 'MY_APP_DATABASE_PASSWORD' and use that to login to the database
Other non-root users cannot read an O/S user environment variable for another user. This is default. You don't have to set anything, unlike w file permissions.
There is no chance of storing the password in source control by accident.
If db and app are on same machine could just let db trust local access without password.
Is there a way to encrypt or enclose my code on my Linux server after deployment? I know Zend does some kind of encryption, right? Is that what people use? Is this even possible? How do I go about keeping my code secure online?
You are right, you can use Zend Encoder, Ion Cube or something like Source Guardian to encrypt your source code.
Its not really needed unless you are giving away your code and dont want people to steal it though.
What is it about your server that you think its insecure?
Periodically check the open ports on you server
Do not trust the data coming from the browser - verify it and validate it.
Periodically do an audit of the processes on your machine and who can access them
Only have files in the document root that should be accessible by the outside world. Include files etc should not exist here
Check the log files periodically to check for suspect access.
For PHP errors/warnings - find a mechanism that does not give the client (browser) any info what has gone wrong. Send that to yourself. This is true for MySql as well.
If the file-system on your server has been compromised, then all is already lost. The best you can do is restrict folders, which are writable by web-server's user.
Also keep the application code outside the DOCUMENT_ROOT. Publicly available should only be the file you actually intend to show user, or which would not show any sensitive informations: like an index.php file which contains and include ../app/bootstrap.php .
You could use Zend Guard, but this would impact owner of the code. You might not be always the one maintaining it.
I developed a php application, and I have a config.php , which store the constant use among the application, in this file, it included all the important information, such as the Mysql server address, port number, user name and passwords. I am worry about someone can get the file, and do something that I don't want, how can I protect this file? Thank you.
Practice general good password security (don't use dictionary words etc)
It is good practice to name the file with a .php extension, as you have done, because then the web server is unlikely to be tricked into serving the file as plaintext.
Make sure config.php is stored outside of web root. That means that if something were to go wrong with your server configuration and it started serving PHP files up as plaintext, you wouldn't leak your database password (because no-one would be able to request config.php).
Make sure the database credentials are appropriately-named constants, rather than variables. This makes it less likely that you might somehow use them inappropriately (for example, if the password was $password rather than DB_PASSWORD you might do something with the $password variable in the global scope, forgetting that it's in use - unlikely, but a small possibility).
Normally it is just stored in a php file, you can make if belong to the www-data user or what ever your web server is using. If someone does have access to your server they won't be able to open it
I'm writing a simple PHP script to access the Foursquare API. The PHP will always access the same Foursquare account. For the time being, I have this login information hardcoded in my script. What is the best way to secure this information?
If I follow the advice from this thread, I should just place the login information in a config file outside the website's root directory:
How to secure database passwords in PHP?
Is this the best advice? Or is there a better way to secure the login information?
The best way, of course, would be to not store it at all.
If you can't do that, storing it inside a PHP file (as variables) should ensure it's not going to be sent to the client side. If you're really paranoid about your web server suddenly stopping to interpret PHP, you can put it in a separate file, outside the document root, or where access is denied (through a .htaccess directive, for instance).
(There are linux-specific details here, so please forgive them if that's not your platform...)
If you're running on apache and have access to the configuration files (which may not be the case with shared hosting), you can put a line like this in your VirtualHost config (or httpd.conf, or other included config file):
SetEnv FOURSQUARE_PW "your password"
Then your php scripts can access it at $_SERVER['FOURSQUARE_PW'].
The advantage here is that you can make that config file readable only by root, since apache will be started as root using init.d.
storing it in a .php file as a variable outside the root directory in a filename that is not something easily guessed is a reasonable secure way of keeping your credentials safe. But if you can avoid storing it on the server at all then that would be best. Provide a login page to enter that information into upon demand to be used for the session and then discarded once you no longer need it.