0

My application is a website for online purchases. I (PHP server) will collect clients' requests and send them to the processing gateway. The gateway cannot talk to the clients directly, and it requires my authentication details to communicate with me. Because clients need to get an immediate response from the gateway while online, I have to put my authentication details in my server-side PHP script. I know that's not safe. So how can I make it secure?

Thanks!

Michael
  • Are you worried that someone with access to the server can look at it? – Marek Karbarz Apr 17 '11 at 05:49
  • Usually a session function, and usually you don't build your own sessions from scratch at least in php. How are you handling sessions? – dkretz Apr 17 '11 at 05:51
  • possible duplicate of [PHP: Safe way to store decryptable passwords](http://stackoverflow.com/questions/2556015/php-safe-way-to-store-decryptable-passwords) – Pekka Apr 17 '11 at 05:52
  • @Pekka: If I got it correctly - OP connects to some 3rd party service with those credentials. So he needs to store them in some recoverable form, so a hash is not an answer. – zerkms Apr 17 '11 at 05:53
  • @zerkms yeah, the first links I posted didn't apply. But the new one should – Pekka Apr 17 '11 at 05:55
  • @Pekka: I still cannot get the idea. If script can decrypt the crypted password to plain-text form, then a hacker can do the same, just by repeating the same steps script does. What is the profit then? – zerkms Apr 17 '11 at 05:56
  • @zerkms well, encryption provides a *bit* of additional security if an attacker gains access to the database only, but not the location where the key is stored. It's all one can do, isn't it? There is no way to make this more safe as far as I can see. – Pekka Apr 17 '11 at 05:58
  • @Pekka: for some reason I expected that OP has only one connection to the remote service and stores the credentials right in the scripts. At least that is how I would implement it :-S – zerkms Apr 17 '11 at 06:00
  • Here's another one: http://stackoverflow.com/questions/4899876/securely-storing-user-credentials-in-db-for-php-web-application – Pekka Apr 17 '11 at 06:00
  • @zerkms if it's about *one* set of credentials only, you're indeed right. – Pekka Apr 17 '11 at 06:01
  • Yes, @zerkms got me right, the gateway has to receive plain-text user/pass to authenticate me. But my user/pass cannot be seen by others like clients. I cannot expect the gateway to decrypt the message. But even if I stored encrypted user/pass in scripts, if someone hacked into the server, they can decrypt them anyway, and basically they can change everything... – Michael Apr 17 '11 at 12:45

2 Answers

1

Since your script has to be able to get your username/password for the payment gateway, regardless of how "securely" you store them, at some point they'll be exposed in raw unencrypted form, even if only in memory.

The problem boils down to how much time and effort you want to spend "securing" the user/pass, vs. how much it'd cost you to clean up after a compromise. Let's say you spend $2000 in time/effort securing your site. The effort pays off and no one breaks in. However, it would only have cost you $100 in fines after a break-in, so you've got a net loss of $1900.

Marc B
0

A basic way to do this is to put the auth details into a file, maybe init.inc, and place this file outside of the web root. So you might have:

 - \site_directory\ 
      - \secure_include\
           - init.inc
      - \siteroot\
           - \css\
           - \includes\
           - \images\
           - login.php

This way, at the very least, if anything goes wrong with the Apache + PHP parser, the plain-text files will not be viewable in a web browser.

wired00
  • Yes, that's one way I can think of. But I am worried that if someone hacked into the server, they can find it anyway. So normally, I would not put such information on the server. – Michael Apr 17 '11 at 10:26
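
The layout from wired00's answer, as an added PHP example that is not part of the original answers: a loader that refuses a credential file located under the web root or accessible to other local accounts. The function name, the `gateway_user`/`gateway_pass` keys and the demo values are assumptions made for illustration.

```php
<?php
// Added example, not code from the original answer. Key names are hypothetical.
function load_gateway_credentials(string $file, string $webRoot): array
{
    $real = realpath($file);
    $root = realpath($webRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('Credential file or web root not found');
    }
    // A file inside the web root could be served as plain text if PHP parsing fails.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('Credential file must be outside the web root');
    }
    // On POSIX systems, refuse a file that other local accounts can read or write.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($real) & 0007) !== 0) {
        throw new RuntimeException('Credential file is accessible to other users');
    }
    // init.inc is PHP that returns an array of credentials.
    $creds = require $real;
    foreach (['gateway_user', 'gateway_pass'] as $key) {
        if (!is_array($creds) || !isset($creds[$key]) || !is_string($creds[$key]) || $creds[$key] === '') {
            throw new RuntimeException("Missing credential: $key");
        }
    }
    return $creds;
}

// Constructed demo: build the answer's layout in a temp directory.
$base = sys_get_temp_dir() . '/site_directory_' . bin2hex(random_bytes(4));
mkdir("$base/secure_include", 0700, true);
mkdir("$base/siteroot", 0755, true);
$inc = "$base/secure_include/init.inc";
file_put_contents($inc, "<?php return ['gateway_user' => 'demo-user', 'gateway_pass' => 'demo-pass'];");
chmod($inc, 0600);

$creds = load_gateway_credentials($inc, "$base/siteroot");
echo "loaded user: {$creds['gateway_user']}\n";   // never echo the password

// The same file copied under the web root is rejected.
copy($inc, "$base/siteroot/init.inc");
try {
    load_gateway_credentials("$base/siteroot/init.inc", "$base/siteroot");
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

In `login.php` the call would be `load_gateway_credentials(__DIR__ . '/../secure_include/init.inc', __DIR__)`. The checks cover web-server misconfiguration and other local accounts only; anyone who can run code as the PHP user can still read the file, as the comments above point out.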