On Fri, November 4, 2005 2:36 pm, Bing Du wrote: > Some functions need you to provide username and password, for instance > odbc_connect. Even though the username/password just has minimum > access > privileges to the resource, putting it there in clear text in a script > gives > me heartburn. How do people handle username/password in such kind of > cases? > I'm sure there must be some way to store critical information in some > encrypted format but it's still readable to scripts for authentication > purpose. But don't know how. Any ideas or pointer would be greatly > appreciated. This is an age-old question. First, let's address your current thinking: "store critical information in some encrypted format" Consider this: Your PHP script has to decrypt that before it can use it. If they can read the source to get the username/password (encrypted or plaintext version) they can probably read the PHP source that decrypts it. Therefore, the encryption will be a very very very minor barrier. Okay as a tiny part of a Defense in Depth, but not much of magic bullet. The ideal solution, really, would a root-only readable file, that Apache would read before it de-roots itself, storing it in some kind of protected memory space, not writable to disk, that could be read by ONLY your PHP scripts, and not anybody else co-hosted on the same shared server. At that point, a hacker has to be rummaging through your actual RAM to get your password. If they can do that well enough to find your password, you probably can consider yourself as having lost the game already. :-) AFAIK, no such Apache Module exists. :-( There are a lot of fairly easy things you can do, even on a share server: Moving the file with the username/password outside the web tree, into a directory only you can read, with a sub-directory/file PHP/Apache can read, so that it's harder for others to "stumble" across it is a start. You have to dink with php.ini (or .htaccess, most likely) include_path, but that's not that hard. If you control httpd.conf on a dedicated server, you can consider putting the username/password into Environment variables within only the VirtualHost that needs them (I think that works). More about that here http://phpsec.org/ I think. httpd.conf can be root-only readable because Apache starts as root (and then de-roots itself) after reading httpd.conf That does make it hard for others to figure out other settings in httpd.conf that affect their work, so you may want to use Apache "include" directives (or whatever they are) if possible. By the time you've done all that, encrypting the username/password and then having the decryption code in plain view in your PHP script is probably not all that useful, really... As you may have noticed, the answer differs greatly depending on your server setup: shared or dedicated and your general IT beauracracy (or lack thereof) for changing httpd.conf and/or server settings. You should probably Google and read a whole lot to see the full gamut of other ideas. Be warned: Some of the published ideas are, ummmm, not-so-good. Check the sources and their credentials and think for yourself. Start at http://phpsec.org to get grounded. Check at http://php.net/ and http://zend.com for official content, and then take the User Contributed notes with a grain of salt. Then Google and use the whole salt shaker. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
