Im using Capistrano to deploy my PHP project which is going great (other than the fact that its uploading to current/ and i want to go to / but ill figure that out later), but i need some advice as to where i can securely put my config.php file (contains all the mysql connect info) so that it wont be subject to hackers.
Any know any good methods or links?
Every file will be subjected to hackers if they hack the system... The file location isn't critical, but you can put it above public_html in order to prevent clients accessing it directly. Ironically, even if you put it there - the details can leak to the client due to bad PHP configuration (if having inappropriate error level)
Do you use an .htaccess file?
Assuming you're using apache, you can also chown the file to your apache user and chmod it to 600.
I ended up just putting in a directory and added an include .conf file to apache configuration that block access to that directory.
Related
I was learning SQLite3 from here; it's really good and portable, but what if someone somehow get to know the database file name say test.db, and then simply downloads it ?
Probably it will be more dangerous than SQL injection, as the attacker can easily get an copy of whole database.
You can restrict .db files in your .htaccess file to do the same add this lines of code in your .htaccess file located in root
<Files ~ "\.db$">
Order allow,deny
Deny from all
</Files>
This will result in an 403 error and will also hide it from being listed in the files list if you (probably you wont) put an index file in an directory.
Just don't keep the data file in a directory that is accessible over HTTP.
If you were using Postgresql or MySQL, you wouldn't keep the data files they used under your web root. The only relevant difference is that databases built around servers tend not to ask you where they should store their data files each time you create a new database (and just stick them somewhere in /var/ based on their default configuration). Don't keep the SQLite files public either.
The question of whether giving people an entire copies of the database is more dangerous than SQL injection is debatable. On the one hand, they get very easy access to all the data, but on the other, they can't change anything on your website.
This question is a consequence of the ubiquity of shared hosting: there is a common view that everything in a project has to go in the web server's document root. However, where possible, it is much better to have a sub-folder in the project for the document root, such as www. You then set up a custom vhost to point to this folder within your project.
That means you are free to create folders elsewhere in the project for files that simply must not be downloadable. I tend to create a folder called /data for SQLite databases.
Unfortunately, not all hosts permit this, in which case #Subhanker's .htaccess approach is a nice solution.
I have a doubt about PHP, Apache, server interpretation... I know that when a PHP file is loaded by the browser from an Apache+PHP server it is interpreted and only the HTML and plain text is showed but is there a way to download this files instead of interpreting them?
In this case it would be very unsecure because MySQL passwords would be unsafe.
Is it any security measure to prevent this or it's impossible to download this files?
As long as your server is setup properly it isn't going to happen.
A good step though is to put all of your actual passwords and whatnot in a config.php and including it. That way you can use htacces too block that file so that should your server ever start serving the raw pages that file won't be accessible anyway.
To clarify if you create a .htaccess file and place it in the same folder as the config.php with the below information that file will not be served, even if requested directly. Simply define your config stuff (db name, user name, password, hashes, etc) in this file and include_once it at the top of each page that needs it and you will be good to go.
<files config.php>
order allow,deny
deny from all
</files>
There is no way to 'download' PHP files, but for more security you can place your 'core' PHP files outsite of the public_html folder
Unless the PHP interpreter stops working for some reason, it's not something to worry about. Most servers are designed to interpret the PHP files every time they are requested and serve only the interpreted HTML text. It's possible to secure your sensitive PHP settings files just in case - often by placing them outside of the root directory with modified permissions.
The only way someone could download the files is to have a server set up that serves the raw files. As long as you don't have such a server set up, they're inaccessible. If the only server software on your system is Apache and it's configured correctly, people cannot see your source code.
However, if somebody seeing your source would render your app vulnerable, you might want to give some thought as to how you can fix that problem. Lots of secure open-source software exists — why would yours being open-source cause problems?
With proper configuration apache guarantees that files will always get interpreted and won't be offered for download.
You always may install fault update or make wrong configuration, but with skilled admin and stable release those cases just don't happen.
I'm new to CodeIgniter. I notice that all CodeIgniter folders (cache, config, controllers, core, errors, etc...) contains an index.html file that basically says "Directory access is forbidden". Correct me if I'm wrong, but I don't think it is possible to get to any of these folders from the web based on CodeIgniter's default configuration.
What is the purpose of these index.html files? Can I just delete them, or do I leave them alone?
Thanks much.
The purpose of them is to prevent the contents of the directory from displaying if directory listing is enabled on your server. Apache servers by default have directory listing enabled.
There are several instances where given the right circumstances you might be able to attempt to browse to a folder directly. These would mainly be caused by a server which is not configured properly, or an exploit. Therefore it is really best if you just leave the index.html files alone (they aren't hurting anything, and they don't take up that much space).
I'd even go as far as to suggest that you too add an index.html file to any and all folders which you create.
They are there for fail-safes, ie. if for some reason the directory structure would get to be publicly browsable.
I can't see any reason to remove them.
If your codeigniter installation (system and app folders) is outside of your public server directory, then they're not going to help with anything since they could never be served. In that case, it doesn't matter whether they exist or not, since you could never get to their directories anyway.
I say remove them for two reasons:
1) If Apache is configured to allow directory browsing, then it doesn't matter what your index.html says. So claiming that "Directory access if forbidden" when it's really not, amounts to security through obscurity, which is an undesirable security strategy.
2) I disagree with the idea that "if it's not hurting anything, just leave it alone". I've spent many an hour trying to figure out the purpose of a particular piece of code, only later to find out that it wasn't doing anything at all. Remove unused code. The inheritors of your projects will curse you less.
They are for your security, if someone tries to access your folder on the server by your domain URL (if your server is configured in a wrong way), it will prevent you from loading those files by triggering that HTML file
It would be safe for you to keep the file indeed.
I need a directory with 777 permissions in my webserver; anyway, I would like to protect it by placing it outside the public_html directory. Is this safe enough? A php script will be able to access that directory?
Thank you for your help.
—Albe
So long as your php scripts are sufficiently secure from users trying to break them with SQL injection (amongst others), placing the directory outside the web root is definitely safe to prevent others directly accessing the contents. And yes, php can still access the files, if given an appropriate path to that directory.
yes, the other php scripts can still access that directory, but it will not be reachable over the web.
set the correct owner/group as well,
if you set it to be the owner of the php process a 700 should be working just as well.
David's way is the easiest, but you could also try;
placing a .htacces file in your folder
changing the permissions to 700 (or 750, if you have to be able to edit it with the group)
starting filenames in the directory with a dot (though this is easy to screw up, so you may want to avoid it)
If David's way works, I'd prefer that, but in case you have some weird extra restrictions, these ways MAY work.
I am always reading that you should always store your database credentials outside of your document root because normally you would have them set to db.inc or something similar.
I can understand this and naturally it makes perfect sense.
What I don't understand is why you are making the file into one that you either need to set apache to hide or you need to put it into a secure location in the first place.
What is the issue with making it, say db.php - Then apache knows to execute the script first and return the output (which would presumably be blank in most cases).
Maybe I am being dumb and missing an inherent security flaw but is there any issues with just storing your details in a .php file? I mean Wordpress and other major open source PHP applications manage to get away with it, but is this because they can't make their script talk to folders outside of www or because it is just as secure as any other method?
Maybe I am being dumb and missing an inherent security flaw but is there any issues with just storing your details in a .php file?
A tiny slip up in the configuration of Apache, and the file starts being served raw instead of being processed by the PHP engine.
I mean Wordpress and other major open source PHP applications manage to get away with it, but is this because they can't make their script talk to folders outside of www or because it is just as secure as any other method?
They accept increased risk for increased convenience.
Storing files containing (database) credentials outside the document root is always a good idea.
Say, you upgrade Apache, but forget updating the configuration with PHP. Any file in the document root can possibly be downloaded without getting parsed.
Wordpress, Joomla, phpBB and others are made to be portable. That is, reside in one folder.