lush_rainforest Posted January 20, 2016 Share Posted January 20, 2016 What is the most safest way to store SMTP passwords? I was thinking about storing it in a database however I don't want to store it as plain text and I don't know if using the password_hash() functions will help. How would PHPMailer send any mails if I have to use password_verify()? I want the mail to be sent automactially without any manual modifications to it. Then I also had another thought, what if I store it directly in a PHP file. Is it any safe? But this thought may seem pretty breakable since I was thinking about storing it via plain text. What do you guys think? Quote Link to comment Share on other sites More sharing options...
requinix Posted January 21, 2016 Share Posted January 21, 2016 The password hashing/verifying stuff won't help: you cannot recover the original password once you've hashed the data. First step: what are you trying to protect against? Someone casually looking at code and seeing the password? A rogue developer who can run code in a development environment but not see any production data? Someone with shell access to the server recovering the password? Quote Link to comment Share on other sites More sharing options...
lush_rainforest Posted January 21, 2016 Author Share Posted January 21, 2016 The password hashing/verifying stuff won't help: you cannot recover the original password once you've hashed the data. First step: what are you trying to protect against? Someone casually looking at code and seeing the password? A rogue developer who can run code in a development environment but not see any production data? Someone with shell access to the server recovering the password? I was thinking about just storing it so that PHPMailer can access the password and send the emails accordingly. I'm not sure which is the safest way to do so. So I'm guessing that the first step would be to protect regular users from seeing it or breaking into the code and seeing the password. Quote Link to comment Share on other sites More sharing options...
requinix Posted January 21, 2016 Share Posted January 21, 2016 regular users from seeing itRegular users cannot see your PHP code. or breaking into the codeRegular users cannot "break into" code. Alright, so you want to protect the password in a general sense. Put it in a PHP file that is not part of your source code (like you don't put it up on GitHub or whatever), put it on your live server in a place that isn't part of the website (like /home/you/config when your website is at /home/you/public_html), and have your code read that file (via include/require or parse_ini_file() or whatever). If you use shared hosting then you should check the file permissions, but that depends on how the server is set up... Quote Link to comment Share on other sites More sharing options...
lush_rainforest Posted January 21, 2016 Author Share Posted January 21, 2016 Alright, so you want to protect the password in a general sense. Put it in a PHP file that is not part of your source code (like you don't put it up on GitHub or whatever), put it on your live server in a place that isn't part of the website (like /home/you/config when your website is at /home/you/public_html), and have your code read that file (via include/require or parse_ini_file() or whatever). If you use shared hosting then you should check the file permissions, but that depends on how the server is set up... Ok, so that is what I was guessing then. The idea is to store it in a PHP file seperate from source code. Alright thanks. Should I stop storing it as plain text in the database then? I'm using prepared statements and I'm escaping on output so is that all I need to do? Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 21, 2016 Share Posted January 21, 2016 The most secure way is to completely isolate the mail script from your Internet-facing Apache/PHP environment and run it as a cronjob under a separate Unix account. As long as the script is only readable by that account, it's relatively safe to store the plaintext password in it. If this is not an option, store the password in a configuration file outside(!) of the document root and make it reabable only by the Apache/PHP account (e. g. www-data). This isn't as secure as the above option, because a file inclusion vulnerability on your website can expose the password, but it's better than nothing. Either way, do not store the password inside the database. Since SQL injection vulnerabilities are so common, there's a huge risk of attackers simply fetching your “secret” data. Quote Link to comment Share on other sites More sharing options...
lush_rainforest Posted January 21, 2016 Author Share Posted January 21, 2016 Either way, do not store the password inside the database. Since SQL injection vulnerabilities are so common, there's a huge risk of attackers simply fetching your “secret” data. I'm well aware of that. That's why I made this topic and asking these questions. So it's best to store the password in a PHP file and require it from the source code and then place the PHP file outside of the root directory correct? Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 21, 2016 Share Posted January 21, 2016 That's why I made this topic and asking these questions. And that's why I'm answering your questions. I'm well aware of that. That's why I made this topic and asking these questions. So it's best to store the password in a PHP file and require it from the source code and then place the PHP file outside of the root directory correct? No, it's not the best option, because then the password is still accessible to the Internet-facing PHP environment. But if you're running on some limited shared host where you can't create new accounts and cronjobs, this is the best you'll get. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.