Hi,
I've finally been able to successfully introduce PHP/MySQL at my work. So far, we exclusively used Java/JSP/Oracle. But now a security issue has arisen that I cannot answer. I hope that someone out here can help me with it:
In our usual setup, we use web 'frontends' (dumb webservers), that relay requests to an application server. There is a firewall between the frontends and the application server. The frontend has no scripts that contain any database passwords; these are stored and executed on the application server.
We've tried to recreate a similar situation with PHP. Of course, I am aware that you should store the include files with the passwords outside of your document root, but this does not offer enough security. Moving your database to another server doesn't help; as soon as someone hacks your webserver he could read the username/password and connect to the database and log in.
The extra step between a web frontend and an application server adds an extra obstacle for a hacker.
I've looked into the following two possible solutions:
1) Recreate the frontend/application server setup with PHP. I'm not sure how to do this and preserve sessions at the same time. It would at the least require a major rewrite of our application.
2) Create a system that does not have the password information stored in a file. We couldn't figure out how to do this and my gut feeling is that this is theoretically impossible or that it doesn't add any REAL security.
Is there anyone who has been in this situation and given some thought to this? I'd love to discuss this further and find a rock solid solution to it.
Cheers,
Bart - bart@vrotvrot.com
