PlanetScale Posted September 4, 2015 Share Posted September 4, 2015 Hey all, Hoping that this is something that is possible with PHP as standard or can be added through a PHP extension. I would like to setup something similar to the Windows registry or a password keychain but for my PHP applications which will allow me to securely store usernames and passwords for accessing databases and remote servers without needing to have them stored in the file system where someone could get access to them by reading the source code of the PHP app. Is this possible or is there another option that will achieve something similar? Any pointers would be appreciated. Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/298049-php-registry/ Share on other sites More sharing options...
mac_gyver Posted September 4, 2015 Share Posted September 4, 2015 by reading the source code of the PHP app what makes you think that the php source code in a .php file would be accessible? Quote Link to comment https://forums.phpfreaks.com/topic/298049-php-registry/#findComment-1520227 Share on other sites More sharing options...
QuickOldCar Posted September 4, 2015 Share Posted September 4, 2015 You never want to store raw passwords, instead save the passwords as one way encrypted hashed values Use password_hash and password_verify Quote Link to comment https://forums.phpfreaks.com/topic/298049-php-registry/#findComment-1520229 Share on other sites More sharing options...
scootstah Posted September 4, 2015 Share Posted September 4, 2015 You never want to store raw passwords, instead save the passwords as one way encrypted hashed values Use password_hash and password_verify It sounds like he wants to be able to store a username/password to later send to other remote servers. There is going to be an inherent risk in what you want to do. Your only real option is to use encryption, since you'll need to retrieve the password again. Hopefully you fully disclose to your users that you are storing their credentials. Unfortunately this is one of those things that if you have to ask, you're not qualified to implement it safely. Quote Link to comment https://forums.phpfreaks.com/topic/298049-php-registry/#findComment-1520239 Share on other sites More sharing options...
ginerjm Posted September 4, 2015 Share Posted September 4, 2015 (edited) You ask: I would like to setup something ... which will allow me to securely store usernames and passwords for accessing databases and remote servers without needing to have them stored in the file system. Shouldn't username and passwords be coming from the users? And why would anything be stored in the file system when you have a db? If you want to access a remote server you could store the credentials in a table and let your appl go get it. That s/b pretty secure - especially once the user (?) logs in correctly. Edited September 4, 2015 by ginerjm Quote Link to comment https://forums.phpfreaks.com/topic/298049-php-registry/#findComment-1520248 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.