How can I protect a mySQL connection string in PHP?

Question

I know the rule: never hardcode your password, and I've seen this question here which explains what to with Java and mySQL, but I don't know what to do for PHP and mySQL.

The current connection string is made like this

<?PHP

$DBName = "dbName";
$Host = "localhost";
$User = "dbUser";
$Password = "Yikes_hardcoded_PW";

$Link = mysql_connect( $Host , $User , $Password , $DBName);

if (!$Link) {
    die('Could not connect: ' . mysql_error());
}

?>

but I need to have the password secured, ie not hardcoded in this file. How do I do it?

EDIT: For all the downvotes I getting on this, I still have not received a reply to the question which is about a genuine security concern - hardcoded passwords. It is not helpful to down vote on a genuine question without posting either a comment or answer that fulfils the question.

well, don't put a password in the code. If it's open source, no-one needs the password anyway — Rene Pot, Jan 31 '12 at 10:57
put it in a separate configuration file and ignore it in GIT — Bogdan, Jan 31 '12 at 10:58
You can put the password in a seperate file like Bogdan suggested and gitignore it for development purpose. For development it actually might be easier to just keep the password in dsn. Which way you go depends on your comfort level. For production, keep the passwords on the production box where your code will be executing. Restrict access to the box and manage the passwords set/reset through chef, puppet, fabric etc. — dminer, Apr 01 '14 at 21:26

KrzysztofPrugar · Answer 1 · 2013-03-28T20:58:47.420

I too am doing research on this topic. File permission is one of the strategies but there are so many vectors.

But lets say in one scenario you have FTP or SSH access to the server and someone compromises FTP login. This login is the same for the user account's public_html folder. That person could browse around and read these files. Pretty much at this point its bad. However, you could have a configuration on the system where you jail the user to his home directory only.

Perhaps then you could create a .private folder up one level outside of that user's home directory. Then in the php files for that user, who has his scripts in the public_html, include a connect file that exists in the .private folder (../../.private/connect.php for instance).

I don't know if this will work if the user is jailed- but this kind of seems like a security through obscurity thing.

score 1 · Answer 2 · answered Mar 05 '14 at 23:14

Building on what Cajus Kuinzinas eluded to... Consider having a restricted database that stores the application's credentials. When your application initiates, execute a query using a read-only account that can lookup credentials to the actual application database.

To make it more secure, the value stored in the lookup database should not be the complete password. Your application could hash this value along with a salt to generate the real password. Plus you can cache this in memory, if desired, to reduce future hits.

score 1 · Answer 3 · answered Jan 31 '12 at 10:57

1

Store your configurations into another file.

$DBName = "dbName";
$Host = "localhost";
$User = "dbUser";
$Password = "Yikes_hardcoded_PW";

Setup git ignore for this configuration file.

answered Jan 31 '12 at 10:57

Oyeme

11,088
4
42
65

1

The configurations are in another file and yes git can ignore files, but that does not answer my question. – T9b Jan 31 '12 at 11:05

score 1 · Answer 4 · edited May 23 '17 at 12:32

You'll have to hard code the password somewhere or other. Even if you want to use DSNs you'll have to hard code the password in the DSN string. As I see it there is no getting away from hard coding the password.

So the question boils down what can you do to secure the file/string containing the password. Setting proper file system permissions to the file containing the password and setting proper open_basedir value is what you can do. As mentioned in one of the posts in What's best way to secure a database connection string? you might also consider using encrypted partition.

The link you posted in your question, as far as my understanding goes, talks about desktop applications. And desktop applications in PHP are too few to give a serious thought on the matter of securing database passwords for php desktop applications.

score 0 · Answer 5 · answered Aug 02 '18 at 07:57

Another method, although a little outside the box is to create multiple accounts on the db, and have a user login, via a login screen, then there own credentials are powering the connection string, this ironically solves both authentication and not storing passwords in one simple instance. Using good password practice is still essential using hashing and salts.

Downside is now there are multiple access accounts on the db, but as a plus it also makes user auditing a lot easier if your db has audit logs turned on.

You would have to code down some logic to handle the credentials in a session but its an alternative to storing the credentials in a string.

Paul Bain · Answer 6 · 2012-01-31T11:17:49.410

There isn't a problem with coding credentials into a configuration file necessarily.

For a source code versioned project you should consider creating a configuration template with placeholders for any credentials which you commit to your repository.

In any deployment you should then edit these placeholders to be the live credentials checkout. This will also aid anyone using your project if you are going to open source it.

Updated (to actually answer the question)

Database configuration really does need to be in plain text, hardcoded into a PHP file, however you do can some thing to make sure it's more secure:

Check your Apache configuration the open_basedir restricts other vhost instances from access files outside their web root
Check filesystem permission to ensure only apache and your user can access the file
Make sure your mysql user is only set to be valid from a localhost context, i.e. grant all privileges on mydatabase.* to myuser@localhost etc
Use a firewall to block external connections to mysql

The question is not about the versioning aspect, it's about securing the password somehow for use with PHP. Can you give me an example that answers the question? — T9b, Jan 31 '12 at 11:06
Make sure your filesystem permissions are correct and that's all that really matters. As long as only you and apache can access it you should be fine. Also make sure your open basedir configuration in apache is correct. Plus, if your mysql create user statement specified only user@localhost it'll be even more secure — Paul Bain, Jan 31 '12 at 11:13

score -2 · Answer 7 · answered Jan 31 '12 at 10:56

-2

There is no reason to hide your MySQL password. Simply restrict access to the database from remote host. Alternatively, you can set a default MySQL user with no password for this specific project/host/database/action.

To answer your question directly, there is no way of obfuscating the password.

answered Jan 31 '12 at 10:56

Gajus

69,002
70
275
438

Not hiding a password seems to fly in the face of accepted wisdom. I was not asking for the password to be obfiscated either, just secured. – T9b Jan 31 '12 at 11:09
@T9b, use the default user then, with no password. But then again, there is no reason to hide MySQL password if remote access is restricted, e.g. see http://www.opensourcecms.com/ some of the hosted CMSs allow to change DB settings, user is also able to see the password and they are perfectly aware of that. – Gajus Jan 31 '12 at 11:28

How can I protect a mySQL connection string in PHP?

7 Answers7