
Storing Data Securely using PHP

I have a requirement to securely store some data that can be retrieved by authorised users on a website. It's not credit cards, but equally it's data that you wouldn't want someone getting their hands on.

The only user that will retrieve the data is the one who posted it.

So, I'm thinking of putting something together like the following:

  • Everything is run over SSL
  • To log in, a user will enter their username and password, and also have to upload a 'key' file - users will be recommended to only keep one copy of the key file on a thumb drive or similar
  • The user's key will not be physically stored on the server. When the user provides their key to log in it will be stored in memory
  • All stored data will be encrypted using MCRYPT_RIJNDAEL_256, and the key used to encrypt will be part of the key file they must upload (i.e. the one not stored on the server)
  • While the user's key is being kept in memory, this will also be encrypted using MCRYPT_RIJNDAEL_256 using a key that changes on a daily basis
  • We will generate a new 32-byte IV when data is retrieved, so we should get different results for two separate retrievals
  • The user can regenerate their key whenever they require, at which point all stored data is re-encrypted with their new key
  • The user can set a timeout on the in-memory storage of their key - requiring them to re-provide it (for example) every 30 minutes.
  • The user can also set an inactive timeout on the in-memory storage, so say they don't perform an action for (for example) 5 minutes, it will also expire the key
  • The box itself will be locked down to only expose port 80, and port 22 to a single IP (our office IP)

My question is:

Am I thinking along the right lines? Is the above solution going to be secure, or am I missing some attack vector that is going to make getting the data easy?

As far as I can tell, an attacker would need physical access to the machine (or would need to be on our office network), and even if this was the case, they could only retrieve data for users logged in at that moment (since they are the only keys that would be stored)? Are my assumptions correct?

Is there any way of removing the requirement to store the user's key in memory while they are logged in (short of asking them to re-supply their key on every request)? I don't think there is, but I'm hoping it's something I've not thought of.

Thanks!
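The per-user encryption and key regeneration described in the question, as an added example that is not part of the original post. It swaps MCRYPT_RIJNDAEL_256 for libsodium's XChaCha20-Poly1305 AEAD, because the mcrypt extension was removed from PHP core in 7.2; the function names, the `user-42` owner id and the sample record are assumptions, and the nonce is drawn when a record is encrypted and stored next to the ciphertext.

```php
<?php
declare(strict_types=1);

const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
const TAG_LEN   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES;

// Encrypt one record under the 32-byte key read from the uploaded key file.
// The owner id is bound in as associated data, so a ciphertext copied into
// another user's row fails authentication even under the same key.
function encryptRecord(string $plaintext, string $userKey, string $ownerId): string
{
    $nonce = random_bytes(NONCE_LEN); // fresh for every encryption
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, $ownerId, $nonce, $userKey);
    return base64_encode($nonce . $ct);
}

function decryptRecord(string $stored, string $userKey, string $ownerId): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('malformed record');
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, NONCE_LEN), $ownerId, substr($raw, 0, NONCE_LEN), $userKey
    );
    if ($pt === false) { // wrong key, wrong owner, or modified ciphertext
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Key regeneration: decrypt every record with the old key, re-encrypt with the new one.
function rotateRecords(array $records, string $oldKey, string $newKey, string $ownerId): array
{
    return array_map(
        fn(string $r): string => encryptRecord(decryptRecord($r, $oldKey, $ownerId), $newKey, $ownerId),
        $records
    );
}

// Constructed demo: generated keys stand in for the contents of two key files.
$oldKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$newKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$stored = encryptRecord('constructed sample secret', $oldKey, 'user-42');
[$rotated] = rotateRecords([$stored], $oldKey, $newKey, 'user-42');
echo decryptRecord($rotated, $newKey, 'user-42'), PHP_EOL;
try {
    decryptRecord($rotated, $oldKey, 'user-42'); // old key no longer opens the data
} catch (RuntimeException $e) {
    echo 'old key: ', $e->getMessage(), PHP_EOL;
}
sodium_memzero($oldKey); // wipe key material once it is no longer needed
```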

This sounds a little paranoid on a local network but here are a few other things to consider. These are some things that I've run into myself.

  1. Are the box and physical access to the box locked down and monitored (secure room, secure rack, cameras)? Patch cables can link this thing to the internet if it's in the same rack as a switch that goes "online." Also someone can bring in a wireless router and connect it to the network (hide it under the desk); that way you can't tell it's broadcasting. USB routers are also available for connection sharing. Check MAC addresses.

  2. If you're asking for keys you probably want to hash the key against a second phrase (user provided, possibly like a two-step password) and a hidden phrase that only you know, so if anyone ran a cycler on this thing they couldn't get anywhere. Also if they catch a couple of packets you don't want them to try and decipher the dump. If you're hashing when someone provides a different key and the hash fails then you know they aren't the person you think they are.

  3. It is possible to break SSL if you catch the initial handshake where the keys are exchanged (high-end routers at banks do this so they can speed up transfers) so anything transmitted over the connection can be tapped with something like Wireshark. If there is access to the hardware layer?

  4. Anything captured can be collected on the machine if there is access to a USB port (so the ports need to be locked down on the physical machine). If you're having them provide a thumb drive then this needs to be checked as well (rootkits, key loggers, etc). Maybe a checksum on the application on the thumb drive that runs. Also the machine needs to be checked for other USB thumb drives physically (maybe on the back of the machine) where someone might install a keylogger and wait.

  5. If they have access to the CD-ROM on the machine can they reboot the machine and use something like Knoppix? There would be no digital paper trail.

  6. In the browser you probably want to make it keep no history.

  7. All web pages need to expire immediately.

  8. You might make it install a clean VM every time someone connects to the machine.

  9. Use a different default web port.

  10. Since it's in the datacenter you'll want to make sure that the box itself looks for specific connections in order to work properly (sort of like a stay-alive authentication). That way someone has to physically intervene if the box has a man-in-the-middle attempt in order for the box to come back online.

  11. Make sure the box isn't blindly trusting the local network if it has its own firewall or local network at the server farm (in the same rack). Some of my past clients hosted in the "secure" cages at a "nuclear ready" facility to find out other people had patched into their gigabit switch behind their enterprise level firewall and on the same subnet as their secure servers. They were broadcasting using my client's connection and not trying to get into my client's box, although they did manage to infect one of my client's mail servers (Microsoft) with Code Red. My client's antivirus/antispam firewall (a Fortinet) blocked all of the outbound viruses, worms, and unsolicited mail (I was paged by the firewall about the new MAC address seeking an IP). Luckily we weren't using DHCP and none of the servers in the local network communicated back and forth so when the other box started a port scan it found the Exchange box because of the outbound traffic.

  12. For the best security, you'll want to make sure that the rack itself is in its own cage or physically locked in (standalone). It's a little more expensive but if the data is that mission critical it could be bad if there is a breach. Most of the server farms trust that authenticated people who gain access to the cages are on the up-and-up, so they don't normally put cameras inside the cages that contain 30-40 racks if you happen to host in the general population at a major server farm. Also most server farms have a couple of "guards" or people who monitor the cameras and logins and a few techs on-hand depending on what's hosted there.

  13. Make the firewall on the box itself only accept connections from a couple of your own specific static IPs, and any applications on the box should also do verifications as well. If you're using a firewall only allow trusted VPN connections to access anything other than the needed resources (web applications, databases, etc).

Hope this helps.

If only the user uploading needs to be able to read the content, maybe public-key cryptography can be useful?

This way you would not really have to care about having a key in memory or being scared of someone sniffing the data. The client would encrypt the files with his public key from anywhere he might be in the world. Only when someone has access to his private key (which is not required at the encryption moment) will you be able to decrypt that data.

GPG is a great tool for something like this and there exist a lot of graphical user interfaces for it.

If the server is some kind of backup, just make sure you store a copy of the private key somewhere safe. That could be on an external medium without any kind of internet access.
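The public-key approach from the answer above, as an added example that is not part of the original answer. It uses libsodium sealed boxes in PHP rather than GPG; the function names and the sample note are assumptions. The storing side holds only the public key, and opening a record requires the keypair that stays with the user.

```php
<?php
declare(strict_types=1);

// Storing side: encrypt for a user knowing only their public key.
// Nothing secret is needed here, so no user key sits in server memory.
function sealForUser(string $plaintext, string $publicKey): string
{
    return base64_encode(sodium_crypto_box_seal($plaintext, $publicKey));
}

// User side: opening needs the full keypair (secret key + public key).
function openAsUser(string $stored, string $keypair): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < SODIUM_CRYPTO_BOX_SEALBYTES) {
        throw new RuntimeException('malformed record');
    }
    $pt = sodium_crypto_box_seal_open($raw, $keypair);
    if ($pt === false) { // wrong keypair or modified ciphertext
        throw new RuntimeException('cannot open record');
    }
    return $pt;
}

// Constructed demo: the user generates a keypair and registers only the public half.
$userKeypair = sodium_crypto_box_keypair();
$userPublic  = sodium_crypto_box_publickey($userKeypair);

$stored = sealForUser('constructed sample note', $userPublic);
echo openAsUser($stored, $userKeypair), PHP_EOL;

// A different keypair, for example one generated by someone who copied the
// database, cannot open the record.
$otherKeypair = sodium_crypto_box_keypair();
try {
    openAsUser($stored, $otherKeypair);
} catch (RuntimeException $e) {
    echo 'other keypair: ', $e->getMessage(), PHP_EOL;
}
```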

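Statement: The technical posts on this site are published under the CC BY-SA 4.0 license. If you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.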

 