Looking at the structure of most PHP/MySQL-based websites I've seen, it appears that it's not terribly difficult to discern the database password if you dig a bit, as there's invariably a setup or configuration file someplace that stores the information for logging into the DB. Other than the basic precaution of making sure that my database's privileges are appropriately restricted for remote requests, what options are available that I could implement in my own projects to protect this information?
MySQL – Securing Database Passwords
MySQL, Security
Best Answer
Not a direct answer about storage of the passwords, but I generally use at least two database connections when building webapps -- one's used 99% of the time for user-related activities, with restricted privileges, and the other's used for 'admin' functionality (delete users, etc.).
In a few cases, where I'm installing someone else's package, I'll install two instances ... a public facing instance which only has database access to do the general user-type stuff, and a second instance that's IP-restricted to my local subnet (possibly even on a different machine) that has to be used for any 'admin' type activities. Neither one has access to modify tables, etc, though ... I'd rather go in via the native database tools than allow the webapp to run its own update tasks that haven't been vetted.
You can take it even further though, and add more connections specifically for given tasks ... so the user creation & password management tasks go through a user that has extra privileges on the user tables, login has database privs to authenticate and not much else, etc.
In this way, if there's a SQL injection attack, on most webpages it can't really do anything significant -- can't see the password hashes, can't add a new admin user (not that they'd be able to do anything anyway), etc. It still won't help if they manage to get a shell on your machine, but it'll slow them down.
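The account split described in the answer can be expressed as MySQL grants. This is an added example, not part of the original answer; the database `webapp`, its tables and columns, the account names, the `192.168.1.%` subnet and the `CHANGE_ME_*` passwords are all assumptions made for illustration.

```sql
-- Hypothetical schema: database `webapp` with tables `users`, `posts`, `comments`.
-- Account names, hosts and passwords below are placeholders, not real values.

-- 1. Everyday account used by the public-facing pages.
CREATE USER 'web_public'@'localhost' IDENTIFIED BY 'CHANGE_ME_1';
GRANT SELECT, INSERT, UPDATE ON webapp.posts    TO 'web_public'@'localhost';
GRANT SELECT, INSERT         ON webapp.comments TO 'web_public'@'localhost';
-- Column-level grant: profile fields are readable, password_hash is not,
-- so an injection through this connection cannot read the hashes.
GRANT SELECT (id, username, display_name) ON webapp.users TO 'web_public'@'localhost';

-- 2. Login account: can read what it needs to authenticate and nothing else.
CREATE USER 'web_login'@'localhost' IDENTIFIED BY 'CHANGE_ME_2';
GRANT SELECT (id, username, password_hash) ON webapp.users TO 'web_login'@'localhost';

-- 3. Account management: user creation and password changes only.
CREATE USER 'web_account'@'localhost' IDENTIFIED BY 'CHANGE_ME_3';
GRANT SELECT (id, username)                ON webapp.users TO 'web_account'@'localhost';
GRANT INSERT                               ON webapp.users TO 'web_account'@'localhost';
GRANT UPDATE (password_hash, display_name) ON webapp.users TO 'web_account'@'localhost';

-- 4. Admin instance: only reachable from the local subnet, may delete rows.
CREATE USER 'web_admin'@'192.168.1.%' IDENTIFIED BY 'CHANGE_ME_4';
GRANT SELECT, INSERT, UPDATE, DELETE ON webapp.* TO 'web_admin'@'192.168.1.%';

-- None of the accounts receives ALTER, CREATE, DROP or GRANT OPTION:
-- schema changes are made with the native database tools instead.

-- Review what each account can actually do.
SHOW GRANTS FOR 'web_public'@'localhost';
SHOW GRANTS FOR 'web_login'@'localhost';
SHOW GRANTS FOR 'web_account'@'localhost';
SHOW GRANTS FOR 'web_admin'@'192.168.1.%';
```

Each part of the webapp then opens its connection with the matching account, so the credentials stored in a public page's configuration file only unlock that page's narrow set of privileges.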