Secure connecting

starnol

Hi All,

Quick question. In a php script I am connecting to my Informix db with the standard ifx_connect("foo@bar","user","passwd") and our IT guy says this is unacceptable because somebody might get this info since it's in a plain file. He wants me to encrypt this info somehow or make it more secure. Can anybody help with ideas or how to present this to him?

Thanks,
Stephanie

[deleted]

First, it's not in a plain file, it's in a php file, which cannot be read as php-source from the outside world.

But he is correct in saying that things could be more secure.

You can use variables or constanct instead of the haardcoded strings:

ifc_connect($host,$user,$password)

You can include() these vars from a file that is located outside your webserver's document root, so only php and yourself can access it.
<?
// ifc vars
$host="foo@bar";
$user="foo";
$password="bar";
?>

Now for hacker to get access to the data he must:
a) become root on your webserver

b) Get access to place PHP scripts on your server, and correctly guess the location and name of your php file.

starnol

Thanks, that's pretty much what I figured I needed to do. I understand what you mean by plain files and I agree with you and tried to explain that. His words were that if something were to happen and the files were to not be processed then you have a plain file that could be shown through the browser. Which could thoretically happen. One thing I already do is to have all my functions as included files and my connection to the db is in one of those functions, but the issue was that I have my function file in the web tree so I guess I just need to move it out.

Thanks for your input. 🙂

Steph

gsmackay

Pardon my ignorance, but doesn't the user/passwd info still go across the network in plain text? Whether the command is hard coded or picked up from a file somewhere, the net result is that it travels to the server in plain text and can be sniffed? I can see if the sql server resides on the same box as the web engine (apache) that it won't travel anywhere so that's probably OK. But what if the sql engine is on another box?

Just curious. Sorry I don't have a solution if this is true. I'm just trying to understand the mechanics of the process.

Gary

[deleted]

Yes, the password is (as far as I know) sent in plaintext.
However, usually, for simple performance reasons, the database and webservers are placed closely together,
preferably connected to the same switch,
so sniffing is impossible unless you are in the computer-room. But if you have sniffing hackers in your
computer room you have a bigger problem than plaintext passwords.

Apart from that, database servers can be configured to check the hostname and IP of the requesting party, to see if they are allowed to even try to connect.

This also applies to many unix systems, only designated people on designated machines are allowed to logon.

So, even if you have username and password, many database servers will refuse your attempt before you get to use the password.