Encrypt databse login parameters

nanite2000

Hello,

When writing PHP scripts I believe it is normal to include the login details required to connect to a database as plain text inline with the rest of the PHP source code. e.g.:

$dbuser = 'username';
$dbpass = 'password';
$dbserver = 'server';

Does anyone know if it is possible to encrypt the login parameters, to add an extra layer of security. For example, if a hacker were to gain access to my server and view the PHP source code, he would see a copy of the login name and password into our database. Or, if the PHP server was switched off for some reason, the PHP source code would be available via a web browser as a plain text file.

Is there a way of storing the login parameters in an external encrypted file, and use PHP to query this file without including the means to decrypt the file contents in the PHP source code itself?

Any advice would be most appreciated!

laserlight

Keep the file containing the details in a directory above your document root.

nanite2000

Thanks laserlight,

That will certainly keep prying eyes away from web browser users, but if a person gains command line access (e.g. a hacker, a rogue user, etc...) they would still be able to see the login parameters from the PHP source file, regardless of where it is kept.

Is it possible to prevent that? You know - to add an extra layer of security...?

laserlight

That will certainly keep prying eyes away from web browser users, but if a person gains command line access (e.g. a hacker, a rogue user, etc...) they would still be able to see the login parameters from the PHP source file, regardless of where it is kept.

If an attacker gains root access, I do not see how encryption will help. Somehow, the server must send the credentials to the database server, and whatever method the server uses can be imitated by an attacker with full control of the server. The attacker might even just attack the database server.

nanite2000

But the user wouldn't even need root access. As long as he can view the contents of a PHP file he can see the login details for any database. This concerns me especially if the server accesses a number of different databases over a distributed network - access to one machine would compromise databases on all other machines because the login credentials would be clearly visible in the PHP files.

Even if access to the PHP files were restricted to only the root user and PHP user, a user would only need to create a custom PHP file that parses in all the other PHP files and display their source, thus side-stepping the user level protection.

As an aside, an application written in something like C# or Java wouldn't suffer this problem since the login credentials would be embedded in the compiled application files.

I'm not trying to say that because PHP cannot do this, it is not as good. I really want to use PHP on my next project, and I need to convince the people "higher up" that it is as safe and secure as a J2EE or .NET project. Is it?

laserlight

Even if access to the PHP files were restricted to only the root user and PHP user, a user would only need to create a custom PHP file that parses in all the other PHP files and display their source, thus side-stepping the user level protection.

Well, you could try using something like Zend Guard or ionCube to encrypt the PHP files.

As an aside, an application written in something like C# or Java wouldn't suffer this problem since the login credentials would be embedded in the compiled application files.

A hex editor can be used to discover embedded data.

nanite2000

laserlight wrote:
Well, you could try using something like Zend Guard or ionCube to encrypt the PHP files.

Aha! They look promising! Thanks!

laserlight wrote:
A hex editor can be used to discover embedded data.

True, but if the login parameters are held in a separate encrypted data file, and the encryption key was stored in a compiled application, it would be almost impossible to decrypt the file without having to go via the application.

For example, JSP's are stored as plain text files, but the back end servlets are compiled class files. All a JSP would need to do to ensure a secure connection is call a servlet, which in turn would query the encrypted data file and return an open connection to the database as an object. Even the developer wouldn't necessarily need to know the login parameters for the database, as long as he used the class file to create the connection. I'd love to know if PHP could do anything similar becasue I can't stand Java!

This may seem like overkill, but database security is the paramount in our latest project.

MarkR

If someone gains access to the web server, they can gain the credentials necessary to log on to the database.

There is absolutely no way of preventing this, regardless of how you do it. It could be stored encrypted (in which case it would need to be decrypted with a key that was stored on the machine anyway), in compiled form (in which case it could be decompiled) or determined in some other way (e.g. SSL client certificate, which could be stolen and used by an attacker anyway), but the result is the same.

Yes, you can keep them in a file stored outside the web root. Yes - you could keep them in environment variables set by Apache (from a config file which is readable only by root), but an attacker could gain them anyway.

If an attacker had access to the same account (username) as the web server ran under, they could attach a debugger to the web server process and look for the details in memory. Most things are possible.

One of the most secure ways of doing it may be to set them into environment variables from Apache - in a config file readable only by root. But this is still vulnerable if they can modify the php files, get any php code executed in the same context, or view the output of (for example) phpinfo()

Mark

PABobo

the login information should be in an include file. Secure the file by making sure it's included and not directly accessed.

function verify_inclusion () {
  $requestedURL = parse_url($_SERVER['REQUEST_URI']);
  if(basename($requestedURL['path']) === basename(__FILE__)) {
    echo "<span style=\"font-weight:bold;color:\#f00\">ERROR!!</span> ";
    echo "This file cannot be accessed directly.";
    exit;
  }
}
verify_inclusion();