R
R
r066er2018-11-08 13:51:55
Information Security
r066er, 2018-11-08 13:51:55

Storing MYSQL password in hashed form?

Given:
Some system written in php. DB connection parameters (login\password) are stored in the configuration file in clear text. How can I securely store a password to connect to a database?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
R
Roman Terekhin, 2018-11-08
@RomaZveR

Continue to store in configuration files. For the safe storage of configuration files, take care of the security of the server itself.
Base:
- Your "php system" code. No, seriously, check your code, test.
- Disable ssh with a password, use a key with a secret;
- Change the standard ssh port to 2k+, just so that the Chinese do not clog the logs;
- Set up a firewall, ideally, apart from the web server and ssh, nothing from the outside world should be available;
- Maintain up-to-date software versions on the server (at least web server, php, database not older than six months).

D
Dmitry Bay, 2018-11-08
@kawabanga

Um, how long have you been writing websites? Everything is stored in clear text in configuration files. Another thing is that these files should not be accessible from the outside.
And even if you encrypt (not the caching way), the person who hacked the server will still find a function by which you convert the cipher to a password.

M
Maxim E, 2018-11-08
@creativeworm

Use ionCube to encrypt configuration files. Although if there is SSH to the server, it will not help.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question