A Better Approach Than Storing MySQL Password in Plain Text in Config File

a better approach than storing mysql password in plain text in config file?

Since your code will need the password there is no perfect security. But you can make it hard to recover.

I put some hash in my web config, as an environment variable, say MYSQL_PASS_HASH

Then I do something like md5(getenv('MYSQL_PASS_HASH').'gibberish$qwefsdf') which is then the password. Of course you should unsetenv after that if you're paranoid.

Your password will not literally be stored somewhere, and it can be recovered only when someone has both you web config and your database include.

This happens in a file outside of the webroot (don't put all your trust in .htaccess).

how safe are mysql login credentials in this

It's secure as long as nobody can access the text contents of test.php. A reasonable best practice would be to store the credentials somewhere that's not accessible by a visiting user, so that if for instance the contents of example.com are put in a folder /some/path/to/www-data, you could put the file somewhere else, like /some/path/to/credentials.php. That way, the web server can still load the file, but external users won't be able to access it.

In addition, while we're discussing MySQL/PHP best practices, please note that the mysql_ functions have been deprecated, and for good reason. Instead, I suggest you use mysqli_ (where the i stands for improved), or PDO. You can read more about it here: How can I prevent SQL injection in PHP?

Secure MySQL Root Password?

That password has to be stored somewhere in order for it to work. Even if you encrypted that password and someone accessed your config file they could login with that encrypted password. You can do following 4 things to start with.

1. Do not run your script as root create a new username and assign only the required database permissions to it. Do not save your root password in your config
2. Allow access to your MySQL only from localhost, do not allow remote access
3. Review http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html
4. Do not store your config file in your web accessible folders. Doing this you will add some additional security and unless your server itself is compromised, it will not be easy to get to that file using only HTTP.

However, none of these guarantee foolproof security, they just make it harder for someone to get there

Best practice for storing usernames & password in MySQL Databases

For the password hash use PBKDF2 it's NIST approved. You should use a random non-secret salt for each password and nontrivial (over 1000) iteration count.

For the username and email, probably not worth encrypting.

How to connect to MySQL from Java without storing password as plaintext

If you are deploying your application to an application server (Weblogic/tomcat) you can create a datasource on the server with the required credentials to the database.
From your application you can connect through the datasource just by mentioning its name.

Why is database password stored in plain text in wp-config.php in WordPress, security issue?

If your users can read your wp-config.php you've already lost from a security perspective.

Let's say the database credentials weren't stored in plain text and were, say, stored as an encrypted string that would be decrypted by Wordpress itself. If the potential attacker can read the wp-config.php they can probably read the decryption key as well as there's no reason to suspect that that would be stored any more securely.

When people talk about how up to date security mechanisms use hashing and salting that is only relevant to when you are the effective server. Hashing is a one way process of taking a password and converting it into something that is impossible to reverse back into the password. If you're a client rather than a server, there's no way to get around the fact that you need to have a way of getting the plain text password.

Is it ever ok to store password in plain text in a php variable or php constant?

The short answer is both No, and It Depends.

It's almost never a good idea to store passwords in plain text, especially in a web accessible location, if for no other reason than a simple server misconfiguration or an echo in the wrong place could expose it to the world.

If you MUST store a password, (which is possible) you could try to store it outside the webroot, eg
/var/www/public_html/ Put your codez here

/var/www/includes/ Put your passwords here

Even better than that would be to have the system that you need the password for (eg a database wrapper ) return an object already instantiated. so rather than asking for $databasepassword you ask for a PDO object, and store your database classes outside the webroot.

The It Depends comes from what attack vectors would cause someone to have access to that password text, and would it require them to be already inside your filesystem, if so, you're probably screwed anyway.

Also, if its the password to your supa-secrit subscriber content, meh, all you've lost is some subscription fees, if its your database, you may have a problem, if it's your online banking details, um good for you.

How valuable is the thing the password is protecting?

---

Related Topics