Re: [PHP] Protecting database passwords
On Friday 02 July 2004 04:43, Peter Brodersen wrote:

> You could move the virtual host to its own file, only readable by root (and include this virtual host-file in httpd.conf). Use SetEnv in this virtual host to set values like DBUSER, DBPASS and so on:
> http://httpd.apache.org/docs/mod/mod_env.html#setenv
> You can choose whatever names you like. The PHP script would then just have to read these environment values to retrieve username and password.

Or alternatively you can just set these:

mysql.default_user
mysql.default_password
etc

inside your VirtualHost containers.

--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/* Stealing a rhinoceros should not be attempted lightly. */

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protecting database passwords
Hi,

On Wednesday 30 June 2004 09:58, Bob Hockney wrote:

> Hi there, I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the password.

You mean the password for the database? Why would the user need that? If the users need a password to access the site, then create one for the *site*. Only you and your scripts need to know what the password for the database is...

> Unless I'm missing something, any on-disk place I store the password needs to be readable by PHP, and therefore isn't very secure. I have restricted the rights of the database user, but I'm wondering how others have dealt with this, or maybe I'm completely missing the point.

Or, am I missing the point? :)

- E -
Re: [PHP] Protecting database passwords
On Thursday 01 July 2004 02:17, Chris W. Parker wrote:

> Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said:
>
>> Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.
>
> you probably understand this already but for those who don't i would like to say: right, but the point with hashing is that even if the hashes are retrieved/stolen it will take time (possibly too long) for the password itself to be recovered/discovered.

And why would they need to recover/discover them? If other users of the server can see your script(s) that holds the information (username/password) for your db, then they don't even have to know the real password-- they can just use the hashed ones to access your db.

Or, maybe you want to explain more? :)

- E -
Re: [PHP] Protecting database passwords
On Thursday 01 July 2004 08:25, Chris W. Parker wrote:

> [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 4:15 PM said:
>
>> How can I use a password hash to log on to a database server (or for any other login for that matter)?
>
> i apologize. i completely misunderstood your original post. in which case, i can think of only two things (not to say there aren't more):
>
> 1. restricting access to the file via permissions, and
> 2. putting the file outside of the web root so that it can not be requested via the web.

If you're on a shared environment and if all the users are running under the same UID then permissions wouldn't really matter...

- E -
Re: [PHP] Protecting database passwords
* Thus wrote - Edwin -:

> On Thursday 01 July 2004 02:17, Chris W. Parker wrote:
>
>> Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said:
>>
>>> Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.
>>
>> you probably understand this already but for those who don't i would like to say: right, but the point with hashing is that even if the hashes are retrieved/stolen it will take time (possibly too long) for the password itself to be recovered/discovered.
>
> And why would they need to recover/discover them? If other users of the server can see your script(s) that holds the information (username/password) for your db, then they don't even have to know the real password-- they can just use the hashed ones to access your db.

Well, at this point there is no need for those hashes.

Curt
--
First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid!
Re: [PHP] Protecting database passwords
I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password.

One solution is to make the database only accessible from localhost (you could create a new user/pass for outside localhost). That way nobody has any use for that password.

Furthermore I believe it's impossible to access the php code since apache always runs it through PHP, but I'm not an expert on that.

- Edwin - [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> Hi,
>
> On Wednesday 30 June 2004 09:58, Bob Hockney wrote:
>
>> Hi there, I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the password.
>
> You mean the password for the database? Why would the user need that? If the users need a password to access the site, then create one for the *site*. Only you and your scripts need to know what the password for the database is...
>
>> Unless I'm missing something, any on-disk place I store the password needs to be readable by PHP, and therefore isn't very secure. I have restricted the rights of the database user, but I'm wondering how others have dealt with this, or maybe I'm completely missing the point.
>
> Or, am I missing the point? :)
>
> - E -
Re: [PHP] Protecting database passwords
Gerben wrote:

> I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password.

What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this is site specific. It would be difficult to distribute a program and use a generalized install routine to install the file containing the passwords to be edited by the site admin.

-Bob
Re: [PHP] Protecting database passwords
From: Bob Hockney [EMAIL PROTECTED]

>> I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password.
>
> What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this is site specific. It would be difficult to distribute a program and use a generalized install routine to install the file containing the passwords to be edited by the site admin.

If you're on a shared server, then you should ensure safe_mode is enabled and open_basedir restrictions are in effect so the different users are limited to their own directories. Otherwise, yeah, your script is wide open to any other user on the machine that can run a PHP script. This goes for almost _every_ hosting solution out there because not many of them run safe_mode.

---John Holmes...
Re: [PHP] Protecting database passwords
Bob Hockney wrote:

> Gerben wrote:
>
>> I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password.
>
> What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this is site specific. It would be difficult to distribute a program and use a generalized install routine to install the file containing the passwords to be edited by the site admin.
>
> -Bob

The only way I know to achieve this is to install apache with the suexec option. This has no effect on mod_php but does on the cgi version. So then install the cgi version of php. A virtual host can run with the effective uid and gid of the account holder (user). Scripts can then be installed in the cgi-bin, owned by that user with permissions 0700. No other user can see them yet apache will be able to execute them. The database password can be in your script or in an include file with these permissions.

If you want to distribute a program, there are obvious problems - apache is not always installed suexec and the cgi version of php is rarely installed (it doesn't conflict in any way with mod_php, though. You can have both).

Bear in mind that this issue affects every distributed php application, including horde, php groupware and so on. Most shared servers run a form of ftp that chroots users into their home directories, and this helps.

The main thing is to keep the file with the password out of the webspace (an include path can be anywhere), or make an apache configuration file part of your distribution, to be included in httpd.conf (viz horde), that restricts access to a directory that is intended for configuration files.

Peter.
Re: [PHP] Protecting database passwords
Not really a direct solution, but anyways... You could use Turck MMCache to convert the code into bytecode. That way nobody can see the password, at least not too easily.

- Sid

On Thu, 01 Jul 2004 16:28:57 +0100, Peter Risdon [EMAIL PROTECTED] wrote:

> Bob Hockney wrote:
>
>> Gerben wrote:
>>
>>> I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password.
>>
>> What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this is site specific. It would be difficult to distribute a program and use a generalized install routine to install the file containing the passwords to be edited by the site admin.
>>
>> -Bob
>
> The only way I know to achieve this is to install apache with the suexec option. This has no effect on mod_php but does on the cgi version. So then install the cgi version of php. A virtual host can run with the effective uid and gid of the account holder (user). Scripts can then be installed in the cgi-bin, owned by that user with permissions 0700. No other user can see them yet apache will be able to execute them. The database password can be in your script or in an include file with these permissions.
>
> If you want to distribute a program, there are obvious problems - apache is not always installed suexec and the cgi version of php is rarely installed (it doesn't conflict in any way with mod_php, though. You can have both).
>
> Bear in mind that this issue affects every distributed php application, including horde, php groupware and so on. Most shared servers run a form of ftp that chroots users into their home directories, and this helps.
>
> The main thing is to keep the file with the password out of the webspace (an include path can be anywhere), or make an apache configuration file part of your distribution, to be included in httpd.conf (viz horde), that restricts access to a directory that is intended for configuration files.
>
> Peter.
Re: [PHP] Protecting database passwords
On Thu, 01 Jul 2004 06:55:38 -0700, [EMAIL PROTECTED] (Bob Hockney) wrote:

> What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this is site specific. It would be difficult to distribute a program and use a generalized install routine to install the file containing the passwords to be edited by the site admin.

You could move the virtual host to its own file, only readable by root (and include this virtual host-file in httpd.conf). Use SetEnv in this virtual host to set values like DBUSER, DBPASS and so on:

http://httpd.apache.org/docs/mod/mod_env.html#setenv

You can choose whatever names you like. The PHP script would then just have to read these environment values to retrieve username and password.
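One way to combine the SetEnv suggestion in the message above with the restricted-permission file kept outside the web root that other replies in this thread describe. This is an added example, not code from any poster; the function names, the ini keys `user`/`pass` and the sample values are assumptions, and the permission check assumes POSIX file modes.

```php
<?php
// Added example, not code from the thread. DBUSER/DBPASS are the names from the
// SetEnv suggestion; the ini keys and file locations are assumptions.
// Matching vhost fragment, kept in a root-only file included from httpd.conf:
//   SetEnv DBUSER app_user
//   SetEnv DBPASS example-password      (constructed placeholder)

/** Credentials exported by Apache's SetEnv, or null when DBUSER/DBPASS are unset. */
function credentials_from_env(): ?array
{
    $user = getenv('DBUSER');
    $pass = getenv('DBPASS');
    if ($user === false || $user === '' || $pass === false) {
        return null;
    }
    return ['user' => $user, 'pass' => $pass];
}

/** Load user=/pass= from an ini file; refuse it if it is web-reachable or too open. */
function credentials_from_file(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException('credentials file not found');
    }
    // Inside the document root the file could be requested over HTTP.
    $root = realpath($docRoot);
    if ($root !== false && strpos($real . '/', rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('credentials file is inside the web root');
    }
    // Any group/other permission bit lets another local account touch the file.
    clearstatcache(true, $real);
    $mode = fileperms($real) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('mode %04o is too open, use 0600 or 0400', $mode));
    }
    $ini = parse_ini_file($real);
    if ($ini === false || !isset($ini['user'], $ini['pass'])) {
        throw new RuntimeException('credentials file needs user= and pass=');
    }
    return ['user' => $ini['user'], 'pass' => $ini['pass']];
}

/** Prefer the SetEnv values; fall back to the permission-checked file. */
function db_credentials(string $file, string $docRoot): array
{
    return credentials_from_env() ?? credentials_from_file($file, $docRoot);
}

// Demo on a constructed file (php CLI): try a world-readable mode, then owner-only.
$tmp = tempnam(sys_get_temp_dir(), 'dbini');
file_put_contents($tmp, "user = app_user\npass = \"example-password\"\n");
foreach ([0644, 0600] as $mode) {
    chmod($tmp, $mode);
    try {
        $c = credentials_from_file($tmp, '/var/www/html');
        printf("%04o: loaded credentials for %s\n", $mode, $c['user']);
    } catch (RuntimeException $e) {
        printf("%04o: refused (%s)\n", $mode, $e->getMessage());
    }
}
unlink($tmp);
```

The mode check only helps where each site's scripts run under their own UID, as with the suexec and CGI setup described in the thread; where every account shares the web server's UID, another user's script can still read the file.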
RE: [PHP] Protecting database passwords
Bob Hockney mailto:[EMAIL PROTECTED] on Tuesday, June 29, 2004 5:58 PM said:

> I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the password.

you don't want the user to have the password?? how else are they supposed to login?

> Unless I'm missing something, any on-disk place I store the password needs to be readable by PHP, and therefore isn't very secure.

1. don't store the password in plain text. store it as a hash.
2. make the file readable only to root and the user that PHP/Apache runs under.

that's about all i know.

chris.
Re: [PHP] Protecting database passwords
MD5 - http://ie2.php.net/md5 One way in encryption.

Chris W. Parker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> Bob Hockney mailto:[EMAIL PROTECTED] on Tuesday, June 29, 2004 5:58 PM said:
>
>> I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the password.
>
> you don't want the user to have the password?? how else are they supposed to login?
>
>> Unless I'm missing something, any on-disk place I store the password needs to be readable by PHP, and therefore isn't very secure.
>
> 1. don't store the password in plain text. store it as a hash.
> 2. make the file readable only to root and the user that PHP/Apache runs under.
>
> that's about all i know.
>
> chris.
Re: [PHP] Protecting database passwords
Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.

[...]
> MD5 - http://ie2.php.net/md5 One way in encryption.
[...]
RE: [PHP] Protecting database passwords
Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said:

> Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.

you probably understand this already but for those who don't i would like to say: right, but the point with hashing is that even if the hashes are retrieved/stolen it will take time (possibly too long) for the password itself to be recovered/discovered.

chris.
Re: [PHP] Protecting database passwords
even for the guy who wrote the source. it's almost impossible to restore the data as the only option is a brute-force attempt.

Chris W. Parker wrote:

> Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said:
>
>> Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.
>
> you probably understand this already but for those who don't i would like to say: right, but the point with hashing is that even if the hashes are retrieved/stolen it will take time (possibly too long) for the password itself to be recovered/discovered.
>
> chris.
RE: [PHP] Protecting database passwords
Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 10:29 AM said:

> even for the guy who wrote the source. it's almost impossible to restore the data as the only option is a brute-force attempt.

right so what is the point you're trying to make?

c.
Re: [PHP] Protecting database passwords
> Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.

Yes, this is what I am concerned about, access to the file by local users on the server. Hashes won't help me.

-Bob
Re: [PHP] Protecting database passwords
You pretty much have to run the webserver / script as a certain user and give only that user read permissions to the file.

On Wed, 30 Jun 2004 14:11:04 -0700 (GMT-07:00), [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

>> Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.
>
> Yes, this is what I am concerned about, access to the file by local users on the server. Hashes won't help me.
>
> -Bob

--
paperCrane --Justin Patrin--
RE: [PHP] Protecting database passwords
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 2:11 PM said:

>> Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB.
>
> Yes, this is what I am concerned about, access to the file by local users on the server. Hashes won't help me.

argh. just make the file readable by root and the user that runs apache/php and you're done. what else is it that you want to know?

chris.

p.s. btw hashes will help you (keep the contents of the file secure which is your ultimate goal is it not?).
RE: [PHP] Protecting database passwords
> argh. just make the file readable by root and the user that runs apache/php and you're done.

Which unfortunately is installation specific. I.e., if I am distributing a program and want to install a file which the user modifies to contain the passwords, I have to direct the user to manually update the permissions of that file to suit his site.

> p.s. btw hashes will help you (keep the contents of the file secure which is your ultimate goal is it not?).

How can I use a password hash to log on to a database server (or for any other login for that matter)?

-Bob
RE: [PHP] Protecting database passwords
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 4:15 PM said:

> How can I use a password hash to log on to a database server (or for any other login for that matter)?

i apologize. i completely misunderstood your original post. in which case, i can think of only two things (not to say there aren't more):

1. restricting access to the file via permissions, and
2. putting the file outside of the web root so that it can not be requested via the web.

chris.
[PHP] Protecting database passwords
Hi there,

I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the password.

Unless I'm missing something, any on-disk place I store the password needs to be readable by PHP, and therefore isn't very secure. I have restricted the rights of the database user, but I'm wondering how others have dealt with this, or maybe I'm completely missing the point.

-Bob