Jump to content


Photo

Security of the password in the connection to MySQL from PHP


  • Please log in to reply
1 reply to this topic

#1 DJJONES

DJJONES
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 19 May 2006 - 06:38 PM

Hi,

Forgive me if this has been asked a thousand times before, but I have looked for the answer and as yet … not found it.

I have written a couple of mini PHP / MySQL applications where the data was not particularly sensitive, but nevertheless I a was uncomfortable with the standard:

$server = mysql_connect($host, $username, $password) or die(mysql_error());

:which exposes a database user Id and password in the PHP script.

I have searched for any indication that others are concerned and found nothing, I’ve seen advice that the User Id used to connect should have the minimum of privileges consistent with its needs. I agree but this is just reducing the scope of the potential issue not solving it.

I feel very unsure about the idea of storing private or financial data in a database where the key has been exposed to anyone capable of getting read access to a source file on the web server.

Can you reassure me or offer an alternative – any response will be gratefully received.

DJJ


#2 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 20 May 2006 - 12:23 AM

OK.

There is always an issue of someone simply guessing the correct username password combo. But in this case there is much more going on not only does the hacker need to know the login details but they must also know how to get access to the database away from your php scripts - i.e. phpmyadmin.

In order to do that they would need to know the url of your server control panel (and the login details for that of course) or phpmyadmin tool. So its not JUST the database username password they need.

These values are not spilled out in any http headers sent between client and server. The php scripts contain the login details and reside on the server they have no need to send any information other than success/failuer to the client to establish a connection.

The only information that can be viewed without any knowledge of usernames and passwords for your server/ftp/database are those sent in the headers. That is information the user submits to the server and any information the server sends back - like cookie values etc. etc.

The only answer is to use 2 database connection files - one for the front end where people can insert/view/edit and a spearate file for admin purposes with full rights - and in an obscure direcory on your site (with ALL directories of your site having an idex.htm or index.html or whatever the server default is.)

If you are concerned about this type of information then you should ensure that login is secure by using ssl. If you aint got a certificatte I think they are about £60-70 - but your hosting provider may have some facility you can use.
follow me on twitter @PHPsycho




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users