Answer the question
In order to leave comments, you need to log in
How to properly (safely) store passwords from third-party services in the database?
I am writing a script (plugin for WordPress), which should from time to time knock on FTP / WebDAV / Something else under my username and password and throw a file there. Accordingly, the script will take the login and password from the MySQL database.
The question is, are there methods for encrypting passwords in such cases? That is, if you manage to steal the database so that you can not access this FTP server. Maybe there are ways to store these passwords more securely than in a database?
The script must work autonomously, so manually entering the password each time is not an option.
Ideally, I would like a solution using PHP and MySQL, but references to general principles and algorithms will be fine. Only, please, not quite to the basics of information security :-)
Answer the question
In order to leave comments, you need to log in
You need the crypt
function
You need the mcrypt_encrypt
function
Here is the finished implementation already:
https://github.com/jamm/MVC/blob/master/src/Jamm/MVC/Models/Crypt.php
(nothing added by myself, everything is standard)
In general, OAuth was invented to access third-party services without storing a password - see if some of these services have this. The token can be used later and autonomously, without a user.
1. Make a connection to the intermediate host (as a proxy host), write on it the correspondence login:pass (internal) -> host,login,pass,port (external)
2. Write down that access to the intermediate host is only from a certain IP ( or certificate).
3. Do not open access to this storage link (file system, database, etc.)
All this must be done on a different server (perhaps a virtual machine)
Even if the passwords are stolen, you will change them in an instant. (without changing the remote ones)
If they try to connect with stolen passwords, then access will only be from the specified IP. (well, add a certificate for greater reliability)
--------------
Well, as for encryption, everyone has already said a lot of useful things here.
I will only add: the main thing is to protect the "salt".
I have an old, but rather interesting post on Habré in my bookmarks about reversible grinding using the "double square" method.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question