简体繁体 English

在PHP Web应用程序中安全地存储用户凭据

[英]Securely storing user credentials in DB, for PHP web application

原文 2011-02-04 15:44:25 4 2 php/ encryption/ credentials

I have a built a web application that now has a requirement of storing user credentials for access to another system. 我有一个构建的Web应用程序，现在需要存储用户凭据以访问另一个系统。 (As much as I would like to not do this, unfortunately I have no choice in the matter.) （尽管我不愿意这样做，但遗憾的是我在此事上别无选择。）

My web application interfaces with a Windows domain controller over LDAP to verify user accounts. 我的Web应用程序通过LDAP与Windows域控制器连接以验证用户帐户。 So, when the user logs into my application, the application checks LDAP to make sure they are a valid user and their password is correct. 因此，当用户登录我的应用程序时，应用程序会检查LDAP以确保它们是有效用户且密码正确。 Once authenticated, the users' miscellaneous data is loaded from a MySQL database. 经过身份验证后，用户的杂项数据将从MySQL数据库加载。

Now, I need to store a username and password for this other system in this database somehow, and I am exploring the most secure way to do it. 现在，我需要以某种方式在此数据库中存储此其他系统的用户名和密码，我正在探索最安全的方法。

One method I have considered was encrypting the credentials for this other system using the users' domain password (as verified by LDAP) as the encryption key. 我考虑过的一种方法是使用用户的域密码（由LDAP验证）作为加密密钥加密该其他系统的凭据。 This way if someone did get the database somehow, it wouldn't be of much use as each record would be encrypted with a different (hopefully anyway) key, and that key wouldn't be present in the web application itself anywhere. 这样，如果有人确实以某种方式获得了数据库，那么它将没有多大用处，因为每个记录都会使用不同的（希望无论如何）密钥进行加密，并且该密钥在任何地方都不会出现在Web应用程序本身中。 The problem with this method is that when the user changes their password, the saved credentials for the other system are no longer valid. 此方法的问题是，当用户更改其密码时，其他系统的已保存凭据不再有效。 I would then have to prompt again for the other system credentials. 然后我必须再次提示其他系统凭据。 I am not opposed to doing this, provided that there isn't another method. 我并不反对这样做，前提是没有其他方法。

Any thoughts? 有什么想法吗？ Thank you for your time. 感谢您的时间。

Edit: Something else I just thought of was encrypting based on some other data exposed for LDAP. 编辑：我刚想到的其他东西是基于为LDAP公开的一些其他数据进行加密。 One value that looks promising (and also probably insecure to anyone on the domain) is the objectGUID , which I assume is the GUID for the account. 一个看起来很有希望的值（也可能对域中的任何人都不安全）是objectGUID ，我假设它是该帐户的GUID。 I might use this the encryption key. 我可能会使用加密密钥。 Is this easy to find by domain users or others? 域用户或其他人是否容易找到它？

Edit #2: I have found that any domain users can easily look up the GUID via LDAP, so I have decided that method is out. 编辑＃2：我发现任何域用户都可以通过LDAP轻松查找GUID，因此我已经确定该方法已经完成。 I may have to encrypt based on the user password, unless there are other recommendations. 我可能必须根据用户密码进行加密，除非有其他建议。

2 个解决方案

You might want to see if this other system supports any standard ways of doing "single sign-on." 您可能想看看这个其他系统是否支持执行“单点登录”的任何标准方法。 That way you don't have to re-invent the wheel . 这样你就不必重新发明轮子了。

In the absence of other suggestions, I am going to simply encrypt the secondary credentials using the user's password. 在没有其他建议的情况下，我将使用用户密码简单地加密辅助凭证。 This isn't ideal (as I will lose the data when they update it), but should be sufficient for my particular project at the moment. 这并不理想（因为我在更新数据时会丢失数据），但目前应该足够我的特定项目。