Answer the question
In order to leave comments, you need to log in
Storing MYSQL password in hashed form?
Given:
Some system written in php. DB connection parameters (login\password) are stored in the configuration file in clear text. How can I securely store a password to connect to a database?
Answer the question
In order to leave comments, you need to log in
Continue to store in configuration files. For the safe storage of configuration files, take care of the security of the server itself.
Base:
- Your "php system" code. No, seriously, check your code, test.
- Disable ssh with a password, use a key with a secret;
- Change the standard ssh port to 2k+, just so that the Chinese do not clog the logs;
- Set up a firewall, ideally, apart from the web server and ssh, nothing from the outside world should be available;
- Maintain up-to-date software versions on the server (at least web server, php, database not older than six months).
Um, how long have you been writing websites? Everything is stored in clear text in configuration files. Another thing is that these files should not be accessible from the outside.
And even if you encrypt (not the caching way), the person who hacked the server will still find a function by which you convert the cipher to a password.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question