0

Paypal has mentioned on several occasions not to include username, password and signature in a web document. What is the most secure method for storing this n a shared environment?

Will i need PHP class variables set to protected, store it in a DB or have to store it in another location?

Hope someone can clarify.

Thanks

JamesBondInBlack
  • 87
  • 1
  • 9
  • What reason justifies saving paypal username/password? Normally you DON'T save it. Just let the user fill in his credentials. And most browsers will offer the user to save the password. The user has a choice. De values are saved client side, it becomes his own (and the browsers) responsibility. – VDP Oct 19 '12 at 08:44
  • I am referring to the API credentials for express checkout. Thanks – JamesBondInBlack Oct 19 '12 at 09:44

2 Answers2

0

You should store user passwords in a database using a one-way hashing algorithm such as bcrypt. Here's a great answer on how to use bcrypt.

Community
  • 1
  • 1
Wayne Whitty
  • 19,513
  • 7
  • 44
  • 66
0

People always answer this question the wrong way. This isn't about securely storing usernames and passwords in a database. It's about securely storing the credentials an application uses for connecting to various resources (eg: Database Server, PayPal API's, etc).

Standard practice is to parameterize your code, so that it reads these credentials from an external file. This file in turn will become the responsibility of the the system administrators, who will be in charge of encryption / security for it.

This thread has some good info on it: How to secure database passwords in PHP?

Community
  • 1
  • 1
Lenny Markus
  • 3,398
  • 2
  • 24
  • 30