PHP
Valery Ryaboshapko, 2013-11-21 11:58:06

How to properly (safely) store passwords from third-party services in the database?

I am writing a script (plugin for WordPress), which should from time to time knock on FTP / WebDAV / Something else under my username and password and throw a file there. Accordingly, the script will take the login and password from the MySQL database.

The question is, are there methods for encrypting passwords in such cases? That is, so that if someone manages to steal the database, they cannot access this FTP server. Maybe there are ways to store these passwords more securely than in a database?

The script must work autonomously, so manually entering the password each time is not an option.

Ideally, I would like a solution using PHP and MySQL, but references to general principles and algorithms will be fine. Only, please, not quite to the basics of information security :-)


3 answer(s)
EugeneOZ, 2013-11-21
@valerium

You need the crypt function.
You need the mcrypt_encrypt function.
Here is the finished implementation already:
https://github.com/jamm/MVC/blob/master/src/Jamm/MVC/Models/Crypt.php
(nothing added by myself, everything is standard)
In general, OAuth was invented to access third-party services without storing a password - see if some of these services have this. The token can be used later and autonomously, without a user.
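
The reversible-encryption approach from this answer, as an added example that is not part of the original post or of the linked Crypt.php: it uses PHP's bundled sodium extension (PHP 7.2+) in place of mcrypt, which was removed from PHP in 7.2, and keeps the key outside the database. The names PLUGIN_SECRET_KEY, load_key, seal_credential and open_credential and the sample FTP account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout: PLUGIN_SECRET_KEY, load_key, seal_credential, open_credential.
const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
const KEY_LEN   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES;

// The key lives outside MySQL (here a hex-encoded environment variable),
// so a stolen database dump alone does not reveal the passwords.
function load_key(): string {
    $hex = getenv('PLUGIN_SECRET_KEY');
    $key = is_string($hex) ? sodium_hex2bin($hex) : '';
    if (strlen($key) !== KEY_LEN) {
        throw new RuntimeException('PLUGIN_SECRET_KEY must be set to 32 hex-encoded bytes');
    }
    return $key;
}

// $context (e.g. "ftp:host:login") is authenticated but not encrypted: it ties the
// ciphertext to one account, so a value copied into another row fails to decrypt.
function seal_credential(string $password, string $context, string $key): string {
    $nonce = random_bytes(NONCE_LEN); // fresh random nonce per encryption
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($password, $context, $nonce, $key);
    return base64_encode($nonce . $ct); // store this string in the database column
}

function open_credential(string $stored, string $context, string $key): string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= NONCE_LEN) {
        throw new RuntimeException('malformed stored value');
    }
    $ct = substr($raw, NONCE_LEN);
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ct, $context, substr($raw, 0, NONCE_LEN), $key);
    if ($pt === false) {
        throw new RuntimeException('decryption failed: wrong key, wrong context or modified data');
    }
    return $pt;
}

// Constructed demo values: a throwaway key and a made-up FTP account.
putenv('PLUGIN_SECRET_KEY=' . sodium_bin2hex(random_bytes(KEY_LEN)));
$key = load_key();
$stored = seal_credential('s3cret-ftp-pass', 'ftp:files.example.org:backup', $key);
var_dump(open_credential($stored, 'ftp:files.example.org:backup', $key) === 's3cret-ftp-pass');
try {
    open_credential($stored, 'ftp:other.example.org:backup', $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```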

xmoonlight, 2013-11-21
@xmoonlight

1. Make a connection to the intermediate host (as a proxy host), write on it the correspondence login:pass (internal) -> host,login,pass,port (external)
2. Write down that access to the intermediate host is only from a certain IP (or certificate).
3. Do not open access to this storage link (file system, database, etc.)
All this must be done on a different server (perhaps a virtual machine)
Even if the passwords are stolen, you will change them in an instant. (without changing the remote ones)
If they try to connect with stolen passwords, then access will only be from the specified IP. (well, add a certificate for greater reliability)
--------------
Well, as for encryption, everyone has already said a lot of useful things here.
I will only add: the main thing is to protect the "salt".

Maxim Borzov, 2013-11-21
@iBear

I have an old, but rather interesting post on Habr in my bookmarks about reversible grinding using the "double square" method.
