[RESOLVED] best way to protect a part of a site ?

steamPunk

I've got a fair number of sites that i look after now for various clients and i would like to put all the ftp and mysql logins and passwords etc into a db table and put that on my site so i can look it up in a php page from anywhere ... but i'm worried about the security of doing this

is there an absolutely foolproof way of blocking off a section of the site so that it would be impossible to get in without the password ?

thanks for any ideas you could suggest

kakki

no .... there is no "absolutely foolproof"

........ sorry

the php part could look like this:
you can try to keep your software up to date.....
check the security part of the php-manual on php.net

maybe check into security fixes on bulltin software written in php,
to get an idea of what you are to expect for your password-site

the os-part of the server could look like this:
you can try to keep your software up to date....
maybe you can check into more "exotic" oss'es to prevent common os-based attacks on the server
configure os properly

the db-part could look like this:
you can try to keep your software up to date....
configure properly

there are plenty of security holes on a server

steamPunk

thanks for your answer

from what you've written I have a feeling it's maybe not such a good idea to put all that stuff online after all ....

thanks again

MarkR

I'd say just use HTTP authentication using whatever mechanism is built into your web server for providing this.

Web servers are well tested pieces of software and unlikely to contain bugs which let people get past HTTP authentication.

Mark

steamPunk

I don't know what HTTP authentication is - but I'm off to find out

thanks 🙂

dotnotwhat

HTTP authentication only offers a method of password protecting HTTP access to your sensitive data.

This is fine for most purposes but it will not protect your data from being accessed by anyone who has access to the server via other means (someone with physical access, root access or someone who manages to exploit a security hole in any of the server's running processes for example).

You may consider this overly paranoid, but 'how secure' it needs to be depends on how sensitive the data is. How disastrous would it be if someone was to get hold of your client's passwords? What damage could be done with them passwords, etc?

Personally if I was doing this, I would additionally encrypt the data stored on the server, so even if someone gets hold of it, it would be next to useless to them to get anything out of it, or at least make it very troublesome for them. Your PHP can do the decryption when you supply it with a decent passphrase only you will know. Also make sure you use SSL when accessing your PHP page so that nothing is passed over the net in plaintext.

As kakki says though, there is no "absolutely foolproof" method... you can only make sure you get as close to foolproof as needed for the data your storing.

dotnotwhat

Forgot to say, if you have a mobile phone that can run Java apps, there are plenty of password manager utilities that you could try that will store your passwords, etc, fully encrypted. This is what I do and I find it really useful. Has got me out of trouble once or twice when I wouldn't have had internet access too.

steamPunk

dotnotwhat wrote:
Personally if I was doing this, I would additionally encrypt the data stored on the server, so even if someone gets hold of it, it would be next to useless to them to get anything out of it, or at least make it very troublesome for them. Your PHP can do the decryption when you supply it with a decent passphrase only you will know.

what's this kind of encryption called ?
would you by any chance have a link to an online resource where i could read up about it ?

thanks

dotnotwhat

You will need to use two-way encryption so that you can get your data back into plaintext to display it (opposed to things like MD5 and SHA1 which are one-way). You can do this with PHP's Mcrypt functions or with more tinkering, using something like GPG.

PHP Freaks has an introduction to Mcrypt and PHP which might be useful. They build some simple to use functions that you can probably use for the encyption and decyption processes. I think they embed their secret key in their PHP code, but you could modify it so you supply it via a form field on your web page.

Also, there's PHP's manual pages for Mcrypt.

steamPunk

brilliant, thanks !

MarkR

In almost every case, if you need encryption (and trust me, you'd better NEED it if you're going to use it), the application is the wrong place to put it.

Your operating system supports encrypted filesystems and/or block devices- if you feel that you need to encrypt data on disc, use those.

Your web server supports encrypted connections- if you want protect data in transit, use that.

Think about who you're trying to protect data from. If you're encrypting data on the server locally, who are you defending against? Where are you going to store the key? Because someone who has compromised the server WILL be able to obtain the key.

Mark

dotnotwhat

What's wrong with storing the key in your head? As long as you can come up with a decent length / cryptic key that you can also remember in your head, then there's no need to leave it on the server. If you were to leave it on the server, I'd say it's arguably not worth doing at all.

An encrypted file system could be useful, especially protecting against physical data theft of the server itself, etc, but once the file system is mounted on the server so PHP can read and write to it, it would be trivial for an attacker with root access to also gain simple access. I don't think it actually offers much more protection over a non-encrypted file system in this situation.

Mcrypt is not hard to use and if you keep the key to yourself, nobody is going to be getting at your data without that key... not without a fight any way!

MarkR

Someone who compromises your server can modify its software such that it records the key as soon as it is entered (or sends a copy of the decrypted data).

As such, this method provides no security against your server being compromised, or at least no more than using an encrypted filesystem.

Moreover, application level encryption will massively complicate your application and defeat some kinds of optimisation (caching, indexing etc)

Mark

dotnotwhat

Quite true...

I don't think there is any perfect answer for this scenario, especially if you don't have full control of the web server in question.

I suppose you could use Javascript to do the encryption and decryption on the client side (using AES for example) which would work for a simple app like this, but then that still leaves the possibility that someone with access to the server modifies the javascript code, etc....