1

I am creating a log-in website where users use a username and password to log in and write their diary. I have created a SQL database named 'diary' which can be accessed using the following on my localhost.

```php
$dbhost = 'localhost:3306';
$dbuname = 'diary';
$dbpass = 'guest123';
```

Inside the database diary I created a table which stores 3 pieces of information of type VARCHAR, i.e.

  • user_id
  • password (I just used plain-text for tutorial purpose)
  • name

In the above example I provided the password and the name of the database in the following code, to have access to the database.

```php
$conn = mysqli_connect($dbhost, $dbuname, $dbpass);
```

My question is, is it safe to hard-code the password of the database (e.g. the password of database diary)? Considering an online application, if a hacker can hack into the server, then he will have full access to the database, because I have hard-coded the password in my program.

What I have assumed in the above example is that I have one database diary that stores all the users' log-in information.


Another alternative is that every user has their own database which is created when they sign up. However, I believe that this option is not ideal because all the databases of individual users are disjoint and it may be difficult to manage.

I just need some explanation of these issues as I am new to this part, especially SQL. Say I have 1 million users, which approach is the better way to implement this example?

kcc__
  • 4
    `password (plain-text)` I can tell you right now, that that is a bad idea. – Funk Forty Niner Nov 20 '17 at 15:16
  • This is just an example for my own learning, of course MD5 or RSA encryption are there which I can use. – kcc__ Nov 20 '17 at 15:17
  • 3
    MD5??? you may as well just stick with plain text *lol!!* – Funk Forty Niner Nov 20 '17 at 15:18
  • @kcc__ You don't want to use those either – GrumpyCrouton Nov 20 '17 at 15:18
  • 5
    No! You should use *password_hash* function of php. – BenRoob Nov 20 '17 at 15:18
  • 1
    To come back to your question: to make a connection from PHP to a database, you have to provide a password as a plain parameter - if your db user has a password. (Please correct me if I am wrong about connecting *with password to database* !!) – BenRoob Nov 20 '17 at 15:23
  • With PHP use [`password_hash`](http://php.net/manual/en/function.password-hash.php) and [`password_verify`](http://php.net/manual/en/function.password-verify.php), the pair are secure and easy to use. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Better yet use a function such as `PBKDF2`, `Rfc2898DeriveBytes`, `Argon2`, `password_hash`, `Bcrypt` or similar functions. The point is to make the attacker spend a substantial amount of time finding passwords by brute force. – zaph Nov 20 '17 at 15:41

2 Answers

0

Your question is very interesting and I can separate it into three:

  1. How to store passwords in the database
  2. Is it OK to have different databases
  3. How to hide the database password in the files

    1. For the first question, you should use hashing functions (they can't be restored back programmatically). For PHP it is best to use password_hash() and password_verify(), and this is pretty easy to work with.

    2. You can't do it, this is not a proper way. What will happen when you have more than 1M users? :)

    3. If they have access to the server they can work with the database, so you can't stop them, but if you want to hide them please read more about RSA and AES file encryption. Also you can use some functions such as hex2bin and bin2hex, but this is not really hidden. Another way is to move these files to some kind of permission-protected directory, but really it's much more difficult to do.

Kristiyan
  • (1) and (2) are very clear to me now. For (3), you mentioned RSA encryption; if I am not wrong, then if I encrypt the password, then before making the SQL connection, I will have to decrypt it? Is that correct? – kcc__ Nov 20 '17 at 15:31
  • @kcc__ What reason would you ever have to need to view a user's password in plain text? There should never be any reason to decrypt. – GrumpyCrouton Nov 20 '17 at 15:37
  • @GrumpyCrouton, I meant the `$dbpass` which is used for opening connections to the database. – kcc__ Nov 20 '17 at 15:38
  • @kcc__ Oh I see. Well users can't see PHP unless they have access to the file itself. – GrumpyCrouton Nov 20 '17 at 15:41
  • @kcc__, Sorry, I don't know a way to do it without decryption. – Kristiyan Nov 20 '17 at 15:42
  • 2
    **Do not encrypt passwords**, when the attacker gets the DB he will also get the encryption key. – zaph Nov 20 '17 at 15:43
  • RSA is not used for file encryption. – zaph Nov 20 '17 at 15:44
  • @GrumpyCrouton yes that is correct, however should a hacker get access to the PHP script with `$dbpass` hard-coded in it, then they can retrieve the information in the database. This is one part I am still confused about, as to how to secure this. – kcc__ Nov 20 '17 at 15:44
  • 2
    @kcc__ if they have access to the php file, they don't need your password in plain text, for sure. They can use the existing connection. – Kristiyan Nov 20 '17 at 15:46
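As an added example (not part of the original answer or its comments), this PHP loads the connection settings from an INI file kept outside the document root and refuses to use it when group or other users can access it, which is one way to apply the "permission-protected directory" idea from point 3. The function name `load_db_config`, the key names and the file path are assumptions, and the permission check assumes a POSIX system.

```php
<?php
// Added example: keep the DB credentials out of the PHP source. Path, key names
// and sample values below are constructed for illustration.

function load_db_config(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException("config file missing or unreadable: $path");
    }
    // POSIX only: refuse a file that group or other can read, write or execute.
    clearstatcache(true, $path);
    $mode = fileperms($path) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('mode %04o is too open, expected 0600', $mode));
    }
    // RAW keeps values such as "on" or "null" as literal strings.
    $cfg = parse_ini_file($path, false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('config file is not valid INI');
    }
    foreach (['host', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            throw new RuntimeException("config key '$key' is missing or empty");
        }
    }
    return $cfg;
}

// Demo on a constructed file; in deployment the file lives outside the document
// root (for example /etc/diary/db.ini, a hypothetical path) and is owned by the
// account PHP runs as.
$path = tempnam(sys_get_temp_dir(), 'dbini');
file_put_contents($path, "host = localhost\nuser = diary\npass = guest123\n");

chmod($path, 0644);                       // world-readable: must be rejected
try {
    load_db_config($path);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

chmod($path, 0600);                       // owner-only: accepted
$cfg = load_db_config($path);
echo "loaded credentials for user {$cfg['user']}\n";
// $conn = mysqli_connect($cfg['host'], $cfg['user'], $cfg['pass']);  // as in the question
unlink($path);
```

This keeps the password out of the source tree and out of anything the web server might serve. As the comments above note, someone who can already run code as the PHP user can still read the file, so the database account should hold only the privileges the application needs.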
-3

DO NOT store passwords in plain-text, you should use PHP's inbuilt function to hash the passwords:

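```php
// persist this hash in the db (password_hash() needs the algorithm argument;
// PASSWORD_DEFAULT selects PHP's current default and generates a random salt)
$hash = password_hash($plainPassword, PASSWORD_DEFAULT);

// verify later
if (!password_verify($givenPass, $hash)) {
  // provided password is incorrect, handle here
}
```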

https://php.net/manual/en/function.password-hash.php

https://php.net/manual/en/function.password-verify.php

Lars
yanxun
  • 1
    It is a comment and not an answer to the original SO! – BenRoob Nov 20 '17 at 15:19
  • 3
    This does not provide an answer to the question. Once you have sufficient [reputation](https://stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](https://stackoverflow.com/help/privileges/comment); instead, provide answers that [don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). Also, the [StackOverflow Tour](https://stackoverflow.com/tour) is a very helpful resource! – GrumpyCrouton Nov 20 '17 at 15:19
  • sorry, not sure what constitutes a comment or answer. Should I delete this answer then? – yanxun Nov 20 '17 at 15:20
  • Flesh out an answer to the question or delete this answer and make a comment. – zaph Nov 20 '17 at 15:40
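As an added example (not code from either answer), the following puts the advice from both answers together: a single `users` table for every account, passwords stored with `password_hash`, and log-in checked with `password_verify` through prepared statements. It uses an in-memory SQLite database through PDO instead of the question's MySQL connection so that it runs without a server; the column names follow the question, while the function names and sample account are constructed.

```php
<?php
// Added example: one `users` table, hashed passwords, prepared statements.
// SQLite in memory stands in for the MySQL database of the question.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_id  VARCHAR(64)  PRIMARY KEY,
    password VARCHAR(255) NOT NULL,   -- holds the hash, never the plain text
    name     VARCHAR(100)
)');

function register(PDO $db, string $userId, string $plain, string $name): void
{
    // The random salt and the cost are embedded in the returned hash string.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (user_id, password, name) VALUES (?, ?, ?)');
    $stmt->execute([$userId, $hash, $name]);
}

function login(PDO $db, string $userId, string $plain): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE user_id = ?');
    $stmt->execute([$userId]);
    $hash = $stmt->fetchColumn();          // false when the user does not exist
    if ($hash === false || !password_verify($plain, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE user_id = ?');
        $upd->execute([password_hash($plain, PASSWORD_DEFAULT), $userId]);
    }
    return true;
}

// Constructed sample account.
register($db, 'alice', 'correct horse battery staple', 'Alice');
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, 'alice', 'guess'));
var_dump(login($db, 'nobody', 'guess'));
```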