I have a file setup.php.
This file has the mysql username and password. Is there any method to make it unreadable or encrypt it so that even the admin can not read it, or can read it but still not know the password?
The short answer is that for practical purposes you can make it harder for them to access it but not impossible.
If someone has full access to a server filesystem (eg, with root permissions) then they can read any data off that filesystem, so they can read the code and any data files that you place on there. As the application running on that host needs to be able to use the credentials there's no effective way to prevent someone with full access to that server from reading them.
You could obfuscate them, to make it a bit harder. if you encrypt the credentials in the setup.php file and then placed a decryption algorithm and key in another php file, it would stop someone just opening the file and getting the creds, but it they could always reverse engineer that solution if they're determined enough.
Additionally if they've got full control of the server it would be possible to use a packet sniffing tool to get the credentials as they're used (unless you're encrypting them with something like SSL).
Ultimately if someone is running an application and controls the server you have to place a level of trust in them.
As an aside there's a stackexchange site at security.stackexchange.com that's a good place for questions like this.
Create a new user in MySQL and give some basic permissions for that user. Then you will have two users, your admin account and the user account with limit privileges.
You also can deny view a folder where your setup.php is located doing the same trick, create other user in your OS to limit restrictions to that folder
Related
I've been building a website from scratch, and while I have some background in coding (particularly Python and various flavors of C) I am teaching myself html, php, sql and so on as I go.
I would very much like to be able to add an 'admin view' to my website, so that I can add and modify content more easily. I've spent a good amount of time searching for a way to do this securely, hidden behind a password, but it seems as though this is extremely difficult, or even impossible, to do.
With my incomplete understanding of how internet security works, the only way to do this is to have the login php file include a php file from outside the public_html folder which contains the actual password entry, which itself must contain a randomly generated way to modify the password-entering instructions to prevent anyone who intercepts the password I enter from being able to use it later, and which then decrypts the entered password and sends it to other php files outside the public_html folder that contain the infrastructure for the admin view.
Given that I've used several websites that require entering a username/password that use a much less convoluted scheme for securing them, I'm assuming a better system exists. But the main problem of all information from the client being visible to any sufficiently determined attacker seems to render this impossible. What am I missing?
You are right so far, that it is impossible to protect the transportation of the password between client and server, by your own application. If an attacker can do a ManInTheMiddle attack, (s)he could do exactly the same as your client does, or could just strip away a JavaScript which tries to encrypt or hash the user password before sending it.
So the only thing you can do is using an encrypted SSL/HTTPS connection. Most providers offer to install a SSL certificate, but often this is a bit expensive, and sometimes only available in the professional bundle. There are also hosters which offer it for free though.
The encryption of an SSL connection works, because there is already a shared secret. Browsers will install a list of root certificates, and those certificates can be used to set up an encrypted connection.
This is the most important bit: Use HTTPS.
You should use a hash on the password in javascript, before it is send to the server, and only use the hashed value. That way the actual password is not easy to get at. Remember to salt the hash. The point of hashing on the client side is that that it obscures the original password. (Many users use the same password on multiple sites. this way the original password is very hard to get at)
Here is a good implementation of SHA-256: http://www.movable-type.co.uk/scripts/sha256.html
Hash it again at the server side, before you store it, in case someone gain access to your data. Don't forget the salt.
Remember that security is only a matter of degrees :c)
Where you store the hash is less important. Just make sure it's unavailable to the outside.
Use .httpaccess files to restrict access. here are some examples: http://blog.dreamhosters.com/kbase/index.cgi?area=3083
I have password protected a folder using .htpasswd and .htaccess that contains digital assets that I want to control the downloading of using php.
I was planning on offering a download link using the mechanism:
http://username:password#www.website.com/directory/
However, I don't want people to have access to the username and password. In other words I want to make a php gateway file with a different url that decides to offer the download or not, based on information available in the database.
This is a security thing, so I'm not confident of where to start with this. I'm sure I could hash together some code but I'm not confident about it. How can I do this securely? Any help greatly appreciated.
If you have the technical possibility I would suggest you even store the assets outside of the web accessible folders so you don't need to rely on htaccess for protection. That way your PHP gateway script is the only way to access those files.
I won't go into details about writing the script itself, there are multitudes of ways to do that and it very much depends on your requirements what is best, so more information would be needed to give some advice to that. If your assets are very big then streaming them through your script might not work due to memory/time limitations, in that case you could symlink them from the safe location to a public location with a randomly hashed path/filename for a limited time and give that link out.
I am making a web application and i want it to be secure, so i ll be using SSL and, will hash passwords. But my server is managed by a different company and it's a shared hosting server, they have direct access to database. I want to prevent any possible loss of sensitive information so i am thinking about encrypting all the data in the database.
Is this a good way to keep data secure?
are there any other ways to protect data in database?
I am using PHP, MYSQL, Apache, and Linux
please provide details. also if am thinking in the wrong direction pls tell that too.
Thanks in advance
This is not a big privacy issue
The internet is composed of some few websites / web applications using self hosted solutions with fully personal servers (owned and operated in their own NOC).
Everyone else is using some form or another of shared, virtualized, semi-private, semi-dedicated, collocated hosting. In every case the hosting company has full access to everything, they have physical access to the servers -- no amount of protection can help you there.
Shared hosting might be the easiest to access from the hosting company's perspective. But that's not relevant, their policies should prevent them from operating in bad faith because if they wouldn't it wouldn't really matter if it was the easiest or the hardest to access it would only matter how interesting the data you have is to them (or some random employee of theirs).
Finding a solution to the above non-issue
Some approaches might use:
Mounting an encrypted filesystem as a folder and setting up MySQL to use that folder to store its data;
MySQL encryption functions to encrypt the data in a particular cell or column;
a library on top of SQLite that had an encryption feature which would encrypt the entire database file;
On the other hand if your PHP files would be on the same server and the database decryption password would be stored inside your PHP files, any "intruder" could find it and use it if they wanted it.
You'd have to store the password on a different server or obtain it from the user in order to not have it present inside the local PHP files. This would obviously still be available at runtime; if the "intruder" is a programmer he will be able to retrieve it fairly easily.
I'm trying to create a security mechanism that only allows my application to upload files to my FTP (username and password login is not enough). To achieve this I was thinking of creating a key that is built in to the app, and before any file can be uploaded to the FTP this key has to be read and verified. If it's correct, then the file can be uploaded.
Is this something that is possible to do, and would this approach be preferred? Does anyone have any pointers on how to do this?
(note: i'm not asking for any code, just some pointers on where to start, since my searches aren't getting my anywhere)
Thanks.
if you are worried about unsecured wi-fi, etc, you can either use SFTP or tunneling over SSH e.g. with connectbot
the use of public key crypto will will make sniffing harder.
if this is too much work for the intended userbase, you could generate one time passes (like google authenticator) and upload your file with a POST form or something.
if you are afraid of the key itself getting stolen (compromised device), there is little you can do..
There's no point in reproducing an answer from another question verbatim, so I'll just post this link to it.
I have a website developed in PHP. There are 2 classes (in 2 seperate php files) that contain the siteadmin's gmail user id and password (in plain text) and database password (again in plain text). Though none of these classes are displayed on the browser ( like index.php). These files contain only php classes and no html code and the references to those plain text passwords is only through objects of those classes.
Off late, I have started to wonder if this is secure enough? I have tried my best (acting as a malicious person) to try and read the contents of the two said php files but was not able to do so. I am not very conversant with developing secure code, so not sure what should be my approach to make sure that these passwords never get exposed.
Could any one please suggest best practices to develop php code that can contain such sensitive information securely.
Put configurable items in a separate configuration file, above your public web directory
Make sure you have set correct file permissions to your files
Check your web application for local (and remote) file inclusion
Have your server up-to-date
Having your passwords at a safe spot is not the complete solution, you'll need to have your complete PHP application secure, and nobody unauthorized should be able to get root/administrator access to the server.
Firstly, I'd look at using OAuth for accessing GMail if at all possible - it means you don't have to store credentials at all, and provides some level of protection in case your server does get compromised.
I would also look at the answers to this question.
Finally, if your site is on the public internet, it's worth reading up on at least the basics of internet security, and especially securing web applications. There are all sorts of ways things can go wrong. I like the "hacking exposed" books.
Don't store passwords in files, because someone will eventually check that file into source control. Or someone will set a permission incorrectly.
Run the application with its own O/S user account
Put the passwords in an O/S environment variable for the application user (not a system environment variable)