0

In my application, I have a "system" email address which is the FROM email address for all emails generated by the application.

I am using the PHPmailer class to send emails.

To send an email, the FROM address and password are needed. What would be the best way to save this info? I would like to save it in MySQL so that from the admin area, the admin can easily update the FROM address, but then having the password also saved in MySQL wouldn't be good from a security standpoint, right?

I could save the info in an .ini file outside of public_html, but then it's not as easily updated if the FROM address needs to change.

Any suggestions?

MultiDev

2 Answers

0

There is going to be some level of risk in including a password in your application, as it will need to be stored, at some level, in plaintext. In your case I would recommend storing the password in the database so that it can be updated via your application; however, to avoid it being stored in an easily readable format, you could encrypt it using a password stored in an .ini file outside your server's document root.

The password can still be decrypted should your web server be compromised, but it does reduce the attack vectors - the password is no longer stored in plaintext in the database as well as being accessible via the web server.

doublesharp
  • This answer has some good example code for 2-way encryption; your implementation will be a little different, however, as I'm assuming you can't require user input to decrypt the password: http://stackoverflow.com/a/5093422/1427161 – doublesharp Oct 08 '15 at 16:43
  • Yes, I love that PHP class, but the encrypted string is so long when using `bin2hex` to save it to MySQL. I just wish it was a bit shorter. – MultiDev Oct 08 '15 at 16:47
  • Then it wouldn't be as secure :) Text is stored pretty efficiently, so unless you are dealing with a *lot* of passwords it shouldn't be that impactful. – doublesharp Oct 08 '15 at 17:05
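The approach from the answer above (keep the encrypted SMTP password in MySQL, keep the key in an .ini file outside the document root), as an added example that is not part of the original answer or its comments. It assumes the sodium extension (bundled with PHP 7.2+); the function names and the `smtp_key` setting are hypothetical, and the key file and password are constructed for the demo.

```php
<?php
declare(strict_types=1);
// Added example: loadKey/encryptSecret/decryptSecret and "smtp_key" are hypothetical names.

/** Load the 32-byte key from an .ini file kept outside the document root. */
function loadKey(string $iniPath): string
{
    $config = parse_ini_file($iniPath);
    $key = $config === false ? false : base64_decode($config['smtp_key'] ?? '', true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('Missing or malformed smtp_key in config');
    }
    return $key;
}

/** Encrypt for storage in MySQL as base64(nonce || ciphertext), with a fresh nonce each time. */
function encryptSecret(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

/** Decrypt a stored value; throws if the data was modified or the key is wrong. */
function decryptSecret(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Stored value is not valid ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed (wrong key or modified data)');
    }
    return $plain;
}

// Demo with a constructed key file and password; a real key file is created once, by hand.
$ini = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($ini, 'smtp_key = "' . base64_encode(sodium_crypto_secretbox_keygen()) . '"' . "\n");
$key = loadKey($ini);
$stored = encryptSecret('example-smtp-password', $key); // value to save in the settings table
echo strlen($stored), " characters stored\n";
echo decryptSecret($stored, $key) === 'example-smtp-password' ? "round trip ok\n" : "mismatch\n";
unlink($ini);
```

The stored value is authenticated, so a row edited directly in the database fails to decrypt instead of yielding a garbled password, and base64 keeps the column shorter than a hex encoding of the same bytes.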
-1

So, you feel the badness of saving the password in the database, which is very good. Don't want to do that.

The first question that could be asked is whether you are placing your config files in the document root (which means they will be accessible directly from the web). A server error (malfunction or intentional) could cause those files to be displayed as text, revealing your database credentials to everyone viewing it at the time. If you are doing something like bootstrapping, this isn't so much of a concern.

So, once you know where to place it, put it in an .ini file, for which PHP has very good support out of the box. Save it in a file called config.ini and place it outside of the document root, so it is not accessible from the web. Also make certain that this config.ini is not under source control! Don't suck it into your repo! What follows should show you how to abstract away your connection to your mailer and secure credentials in the file outside of your application logic. The following example is for a DB connection but you will see the pattern.

```php
// Load configuration as an array. Use the actual location of your configuration file
$config = parse_ini_file('../config.ini');
if ($config === false) {
    // Configuration file missing or unreadable - stop before trying to connect
    exit('Configuration error');
}

// Try and connect to the database
$connection = mysqli_connect('localhost', $config['username'], $config['password'], $config['dbname']);

// If connection was not successful, handle the error
if ($connection === false) {
    // Handle error - notify administrator, log to a file, show an error screen, etc.
}
```
Shawn Mehan