Jump to content

How can I store SMTP passwords in a secure manner?


lush_rainforest

Recommended Posts

What is the most safest way to store SMTP passwords? I was thinking about storing it in a database however I don't want to store it as plain text and I don't know if using the password_hash() functions will help. How would PHPMailer send any mails if I have to use password_verify()? I want the mail to be sent automactially without any manual modifications to it. Then I also had another thought, what if I store it directly in a PHP file. Is it any safe? But this thought may seem pretty breakable since I was thinking about storing it via plain text.

 

What do you guys think?

Link to comment
Share on other sites

The password hashing/verifying stuff won't help: you cannot recover the original password once you've hashed the data.

 

First step: what are you trying to protect against? Someone casually looking at code and seeing the password? A rogue developer who can run code in a development environment but not see any production data? Someone with shell access to the server recovering the password?

Link to comment
Share on other sites

The password hashing/verifying stuff won't help: you cannot recover the original password once you've hashed the data.

 

First step: what are you trying to protect against? Someone casually looking at code and seeing the password? A rogue developer who can run code in a development environment but not see any production data? Someone with shell access to the server recovering the password?

I was thinking about just storing it so that PHPMailer can access the password and send the emails accordingly. I'm not sure which is the safest way to do so. So I'm guessing that the first step would be to protect regular users from seeing it or breaking into the code and seeing the password.

Link to comment
Share on other sites

regular users from seeing it

Regular users cannot see your PHP code.

 

or breaking into the code

Regular users cannot "break into" code.

 

Alright, so you want to protect the password in a general sense. Put it in a PHP file that is not part of your source code (like you don't put it up on GitHub or whatever), put it on your live server in a place that isn't part of the website (like /home/you/config when your website is at /home/you/public_html), and have your code read that file (via include/require or parse_ini_file() or whatever).

 

If you use shared hosting then you should check the file permissions, but that depends on how the server is set up...

Link to comment
Share on other sites

Alright, so you want to protect the password in a general sense. Put it in a PHP file that is not part of your source code (like you don't put it up on GitHub or whatever), put it on your live server in a place that isn't part of the website (like /home/you/config when your website is at /home/you/public_html), and have your code read that file (via include/require or parse_ini_file() or whatever).

 

If you use shared hosting then you should check the file permissions, but that depends on how the server is set up...

Ok, so that is what I was guessing then. The idea is to store it in a PHP file seperate from source code. Alright thanks. Should I stop storing it as plain text in the database then? I'm using prepared statements and I'm escaping on output so is that all I need to do?

Link to comment
Share on other sites

The most secure way is to completely isolate the mail script from your Internet-facing Apache/PHP environment and run it as a cronjob under a separate Unix account. As long as the script is only readable by that account, it's relatively safe to store the plaintext password in it.

 

If this is not an option, store the password in a configuration file outside(!) of the document root and make it reabable only by the Apache/PHP account (e. g. www-data). This isn't as secure as the above option, because a file inclusion vulnerability on your website can expose the password, but it's better than nothing.

 

Either way, do not store the password inside the database. Since SQL injection vulnerabilities are so common, there's a huge risk of attackers simply fetching your “secret” data.

Link to comment
Share on other sites

Either way, do not store the password inside the database. Since SQL injection vulnerabilities are so common, there's a huge risk of attackers simply fetching your “secret” data.

I'm well aware of that. That's why I made this topic and asking these questions. So it's best to store the password in a PHP file and require it from the source code and then place the PHP file outside of the root directory correct?

Link to comment
Share on other sites

That's why I made this topic and asking these questions.

 

And that's why I'm answering your questions.

 

 

 

I'm well aware of that. That's why I made this topic and asking these questions. So it's best to store the password in a PHP file and require it from the source code and then place the PHP file outside of the root directory correct?

 

No, it's not the best option, because then the password is still accessible to the Internet-facing PHP environment. But if you're running on some limited shared host where you can't create new accounts and cronjobs, this is the best you'll get.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.