
WHERE TO STORE ACCESS DATA
You probably know that it is not a good idea to keep access data unencrypted.
Account passwords, for example, should never be stored in plain text in the database (here is exactly how to hash passwords with PHP).
In some cases, however, access information needs to be unencrypted.
When PHP connects to a database, for example, it needs to provide plain text username and password to the database extension (PDO, MySQLi etc.).
Such access data cannot be encrypted, otherwise it would be inaccessible to PHP.
Where should you store plain text access data like that?
A good solution (the one I use too) is to keep it inside a separate PHP script. In the case of database connection data, this separate script should also connect to the database and then unset the access data variables in order to minimize the risk of data leaks.
This is what this file looks like:
<?php
/* Database access data (plain text, so keep this file protected) */
$db = array();
$db['host'] = 'localhost';
$db['schema'] = 'db_schema';
$db['username'] = 'db_user';
$db['password'] = 'db_passwd';

$PDO = NULL;
try
{
    /* Connect and make PDO throw exceptions on errors */
    $PDO = new PDO('mysql:host=' . $db['host'] . ';dbname=' . $db['schema'], $db['username'], $db['password']);
    $PDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $PDO->setAttribute(PDO::ATTR_CASE, PDO::CASE_NATURAL);
}
catch (PDOException $e)
{
    /* Show a generic message only: the exception text may contain connection details */
    echo 'Connection failed.';
    die();
}

/* We don't need access data any more here */
unset($db);
This file will be included by every PHP script that needs to access the database. The PDO object will be available and ready to be used (you can use any other database extension, of course) but the database access data will not be available any more.
For more details about how to connect to MySQL with PHP see my complete tutorial:
A great security improvement is to keep the access PHP file outside of the web server root directory, so that it cannot be accessed by remote clients.
It’s true that the web server doesn’t show the PHP code to remote clients, but since PHP can include files from anywhere (as long as the file is readable by the user running PHP) there is no reason to let remote users access this file.
Prevention is a very important part of a security framework.
What if there is some issue with the web server configuration? What if a security flaw can be used to read the PHP scripts’ content?
By storing the access script outside of the web server root, you will minimize the chances that it can be read by a malicious user.
Unfortunately you cannot keep it completely unreadable from the web server, because the PHP system user is the same as the web server’s.
However, you can make the file access policy as strict as possible and make it readable from the PHP user only.
If you use a *nix-like system such as Linux, you can use the chmod command to prevent other system users from reading it.
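The two checks described above (file outside the web server root, no permissions for other system users) can be verified with a small shell script. This is an added example, not part of the original post; the function names and the paths in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example: audit a PHP database access file against the two checks
# above (outside the web root, no group/other permissions).

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Resolve a directory to its physical path, so a symlink cannot hide a
# file that really lives under the web root.
real_dir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# check_access_file FILE WEBROOT (hypothetical helper)
# Returns 0 only if FILE is outside WEBROOT and grants nothing to group/other.
check_access_file() {
    file=$1; webroot=$2; status=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    dir=$(real_dir "$(dirname "$file")") || return 2
    root=$(real_dir "$webroot") || return 2
    case "$dir/" in
        "$root"/*) echo "FAIL: $file is inside the web root $root"; status=1 ;;
    esac

    mode=$(file_mode "$file")
    case "$mode" in
        *00|0) ;;   # last two octal digits (group, other) are both zero
        *) echo "FAIL: mode $mode gives group/other access; use chmod 600"
           status=1 ;;
    esac

    [ "$status" -eq 0 ] && echo "OK: $file (mode $mode) is outside $root"
    return "$status"
}

# Usage: sh check_access.sh /path/to/db_access.php /path/to/webroot
if [ "$#" -eq 2 ]; then check_access_file "$1" "$2"; fi
```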
A quick recap:
- keep the access data inside a separate PHP file;
- unset the access data as soon as possible to minimize the risk of data leaks;
- store the access file outside of the web server root;
- set the file permissions as strict as possible.
Remember to secure the database itself, too. The database accounts used by PHP should have limited privileges and should be allowed to connect only from the server where PHP runs.
This is also a good practice to contain damage from SQL injection attacks.
Alex