Jump to content

Recommended Posts

Hey all,

 

Hoping that this is something that is possible with PHP as standard or can be added through  a PHP extension.

 

I would like to setup something similar to the Windows registry or a password keychain but for my PHP applications which will allow me to securely store usernames and passwords for accessing databases and remote servers without needing to have them stored in the file system where someone could get access to them by reading the source code of the PHP app. Is this possible or is there another option that will achieve something similar? Any pointers would be appreciated.

 

Thanks.

Link to comment
https://forums.phpfreaks.com/topic/298049-php-registry/
Share on other sites

You never want to store raw passwords, instead save the passwords as one way encrypted hashed values

 

Use password_hash and password_verify

It sounds like he wants to be able to store a username/password to later send to other remote servers.

 

There is going to be an inherent risk in what you want to do. Your only real option is to use encryption, since you'll need to retrieve the password again. Hopefully you fully disclose to your users that you are storing their credentials.

 

Unfortunately this is one of those things that if you have to ask, you're not qualified to implement it safely.

Link to comment
https://forums.phpfreaks.com/topic/298049-php-registry/#findComment-1520239
Share on other sites

You ask:

 

I would like to setup something ... which will allow me to securely store usernames and passwords for accessing databases and remote servers without needing to have them stored in the file system.

 

Shouldn't username and passwords be coming from the users? And why would anything be stored in the file system when you have a db? If you want to access a remote server you could store the credentials in a table and let your appl go get it. That s/b pretty secure - especially once the user (?) logs in correctly.

Edited by ginerjm
Link to comment
https://forums.phpfreaks.com/topic/298049-php-registry/#findComment-1520248
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.