
How to store mysql password in memory, outside of a file?


cahrehn


I'd like to beef up the security of an app by keeping the mysql password out of any files anywhere. I'd like to input it through the command line once I start up the app and have it read from memory anytime a mysql request is going to be made.

 

Is there a way to do this? Any ideas?


@Mark: I agree that it's not practical, but in this case security is a bigger concern for me. I don't see any other way of securing the app in the case that someone gets physical access to the machine, or even command line access outside of the web directory.

 

@PFMaBiSmAd: It's not secure in the case that someone gets physical and/or command line access to the machine. It would be sitting right there in plain-text.


@Mark: I agree that it's not practical, but in this case security is a bigger concern for me. I don't see any other way of securing the app in the case that someone gets physical access to the machine, or even command line access outside of the web directory.

APC is a possibility if you really want to try this approach, or memcache; though if your code can read it from memory, then so can Hackers Inc.

Either you'd need a script to set the password into memory whenever you restarted your server, or you'd need it in a file.

 

@PFMaBiSmAd: It's not secure in the case that someone gets physical and/or command line access to the machine. It would be sitting right there in plain-text.

If somebody has got physical or command line access to your machine, you probably have very real problems anyway, irrespective of whether passwords are held in memory or not.

You can always encrypt passwords. If you're that paranoid, I assume you have a valid ssl certificate, in which case, use that to encrypt your password in a file.

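The "encrypt your password in a file" suggestion in the reply above, sketched in PHP as an added example that is not part of the original thread. It assumes PHP with the OpenSSL extension; the generated key pair stands in for the server's existing SSL key, and the password, file location, host and account names are constructed placeholders.

```php
<?php
// Added example (not from the thread). All concrete values are constructed.

// Encrypt the MySQL password with the public key; done once, offline.
function encryptDbPassword(string $plain, string $publicKeyPem): string
{
    if (!openssl_public_encrypt($plain, $cipher, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($cipher);
}

// Decrypt at connect time; the plaintext then exists only in process memory.
function decryptDbPassword(string $stored, string $privateKeyPem): string
{
    $cipher = base64_decode($stored, true);
    if ($cipher === false
        || !openssl_private_decrypt($cipher, $plain, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decrypt failed');
    }
    return $plain;
}

// Constructed demo key pair. On a real server the public key would come from
// the existing certificate and the private key from its own protected file.
$key = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];

// What sits on disk is ciphertext only (hypothetical temp location).
$file = tempnam(sys_get_temp_dir(), 'dbpw');
file_put_contents($file, encryptDbPassword('constructed-sample-password', $publicPem));
chmod($file, 0600);

// At connect time: read, decrypt, use, and do not write the plaintext back.
$password = decryptDbPassword(file_get_contents($file), $privatePem);
// Hypothetical host, user and schema:
// $db = new mysqli('db.example.internal', 'appuser', $password, 'appdb');

var_dump($password === 'constructed-sample-password'); // round trip check
unlink($file);
```

Anyone who can read both the encrypted file and the private key recovers the password, so the protection rests on the private key file's ownership and permissions.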

The mysql username and password are only used to secure the connection to the database server and limit what can be done over that connection. If someone has physical access to your server, they HAVE your actual database data files and can read any of the information in them.


@Mark: Thanks, I'll look into APC and ssl encryption to see if either will do what I want.

 

@PFMaBiSmAd: The database will be on a separate machine, so having the password absent in plain text will offer an added layer of security, especially in the case that someone without physical access gets control of the web server. They can break the app (easy to fix/restore), but they can't get to the data behind it as easily.

