verdrm Posted October 3, 2007

I am working on a CMS for use with my clients' websites. Although I host the CMS system on my server, their websites are hosted with other providers. I have set up my CMS system to provide a hash value which corresponds with their CMS account, and I place that hash value on their PHP files so that only posts from their accounts show up on their pages (ex. News posts, Announcements, etc.). The problem is that I have to add my server's MySQL connection info to their web pages and I can't be sure that they are the only ones able to view that data (other employees, friends, etc.). Can anyone think of an alternative to placing the data directly on the web pages? Is there another way to still 'connect' the pages to the MySQL database without exposing my connection info?

https://forums.phpfreaks.com/topic/71738-keeping-my-connection-info-safe/
willpower Posted October 3, 2007

Could you place the connection file on your server and include this file, i.e. include 'http://my.server.com/client/connection.php'? Just a thought.

Will

PS: PHP5 has this URL include disabled by default but earlier versions don't.
MmmVomit Posted October 3, 2007

You don't want to put it in a PHP file. Those aren't secure. I can't remember all the details, but you need to tie this data to your domain through the web server. Look for Chris Shiflett's book on PHP security. It's quite good.
verdrm Posted October 4, 2007 (Author)

I was thinking about require_once 'filename' but I'm not sure if that works only because the file would not be on their web server. I guess I could try. The only problem with requiring a file from my remote web server is that they can in turn see where that file is, and if the wrong person saw what variables I was collecting from it they could still obtain the db connect information. Does that make sense? Any other thoughts?
teng84 Posted October 4, 2007

I don't understand. Even if they know where your file resides, they can't open it unless they have the FTP account?
verdrm Posted October 4, 2007 (Author)

That's true, they can't actually see my connection info, but see what the previous posters are saying is incorrect. Even though the people who I give the files to cannot see my connection info, they still can see in my PHP files what 'information' I am requesting. They could just write a script echoing $username, $password, $host, etc. and see the information. I need a way for my PHP files to still interact with MySQL without a user at their end finding my connection info. To sum that up: If I add to index.php on their end " require_once 'domain.com/dbconnect.php' ", and then request in that file $host, $username, etc. they could just write another line echoing that info (echo $host;). I guess my scenario just isn't possible yet? Could I encrypt my connection info and then decrypt it on their side? If so, how would I do that without those users being able to see my decryption method?
corbin Posted October 4, 2007

Without extending MySQL (this is pretty close-minded in a way), to put it simply, if you make the connection on their side, they will know your information. You could make it post the data to a page on your site and then back to their site, or you could simply use curl or something like that (even straight headers if you needed to do minimal stuff), and then your script would handle inserting data. You would need to make sure to authenticate their script so that if someone found your server's script they couldn't do anything. There might be a better way, but that's all I can think of.
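The approach corbin describes, sketched as an added example that is not part of the thread: the client site signs each request with a per-client secret, and a script on the CMS server verifies it before touching MySQL, so the database credentials never leave that server. The account hash, secret, function names and sample post are constructed, and both sides run in one process in place of a curl call over HTTPS.

```php
<?php
// Added example: names, secrets and sample data are constructed for illustration.

// --- CMS server side (holds the MySQL credentials; clients never see them) ---
const MAX_SKEW = 300; // seconds a signed request stays valid

// Per-client API secrets keyed by account hash (would live in the CMS database).
$CLIENT_SECRETS = ['a1b2c3' => 'constructed-secret-for-client-one'];

// Stand-in for a parameterized query on the CMS server's own MySQL connection.
function fetch_posts(string $account): array {
    $rows = ['a1b2c3' => [['title' => 'Office closed Friday']]];
    return $rows[$account] ?? [];
}

// Handles one request: check account, freshness and HMAC, then return
// only that account's posts. Returns [HTTP status, body].
function handle_request(array $req, array $secrets, int $now): array {
    $account = (string)($req['account'] ?? '');
    $ts      = (int)($req['ts'] ?? 0);
    $sig     = (string)($req['sig'] ?? '');
    if (!isset($secrets[$account]))    return [401, 'unknown account'];
    if (abs($now - $ts) > MAX_SKEW)    return [401, 'stale request'];
    $expected = hash_hmac('sha256', "$account|$ts", $secrets[$account]);
    if (!hash_equals($expected, $sig)) return [401, 'bad signature']; // constant-time compare
    return [200, json_encode(fetch_posts($account))];
}

// --- Client site side (knows only its own account hash and API secret) ---
function sign_request(string $account, string $secret, int $now): array {
    return ['account' => $account, 'ts' => $now,
            'sig' => hash_hmac('sha256', "$account|$now", $secret)];
}

$now = time();

// Valid request from the client's page.
$good = sign_request('a1b2c3', 'constructed-secret-for-client-one', $now);
print_r(handle_request($good, $CLIENT_SECRETS, $now));

// Same fields with a forged signature.
$forged = $good;
$forged['sig'] = str_repeat('0', 64);
print_r(handle_request($forged, $CLIENT_SECRETS, $now));

// A correctly signed request that is an hour old (replay).
$old = sign_request('a1b2c3', 'constructed-secret-for-client-one', $now - 3600);
print_r(handle_request($old, $CLIENT_SECRETS, $now));
```

If a client's copy of the secret leaks, it exposes only that client's posts and can be rotated on the CMS server without changing the MySQL password.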
teng84 Posted October 4, 2007

Here's my question for you, and I guess this might also be an answer: how can they write a script on your domain, etc.? A server script can't be changed on the client's side; once the browser runs, it will interpret your code as printed HTML, so there's no way they can add a script echoing just what you say. If your problem is applicable then all sites are in danger, I guess, and I believe this also uses the most common and effective way of defining a connection, which turns out to be your problem. But if they can open your page (your script), whatever hashing you do, I believe it's useless.
verdrm Posted October 4, 2007 (Author)

teng84, They aren't writing a script on my domain or server. They could write a script on their server because they would have scripts of mine with connection info to my MySQL server. I'm just trying to be mindful of possible security threats -- I realize that either way they can see on their end how their scripts interact with MySQL on my end.
MmmVomit Posted October 4, 2007

This problem is covered quite thoroughly in this book. http://phpsecurity.org/ I'm not pushing the book. If you don't want to buy it, go check it out at the library. It's quite good.
deadonarrival Posted October 4, 2007

It's not ideal, but to add an extra layer of security you could "hide" a salt, or encryption, in the scripts. I.e. you have a dbconnect file

$user = "myusername";
$password = "mypass"; (can be anything)
$host.... etc.

Then somewhere else in the script, hash this, md5 would do.

$password = md5($password);

The md5'd version being the actual password to your server. If nothing else it makes a casual "oh look, password information" user go "eh?" and maybe assume you know something they don't and give up. Another idea might be to add other things...

$password = $user.$password;

could help... and use that as your db password. They aren't the kind of thing that would put off a determined nasty person... but most people won't trawl through your code looking for where you edit the password, they'll just assume they're doing something wrong and give up.