Storing sensitive data in PHP
Question
I'm working on a PHP project and I'm using a global settings file which I include where I need some global values such as database credentials for connecting to mysql. For example:
settings.php:
<?php
const DB_ADDRESS = 'localhost';
const DB_USERNAME = 'johndoe';
const DB_PASSWORD = 'mypassword';
const DB_PORT = 7777;
?>
My question, is it safe enough? For example, is there any way to see variables values while debugging in explorer/chrome? Is there any alternative safer way?
Thanks.
6 answers
solution1
6 ACCPTED 2012-06-01 13:55:56
PHP information is processed on the server before being sent to the browser so it can't be seen inside of a browser under normal circumstances. However, if your webserver is misconfigured the plain text version of your code may be sent to the browser thus rendering it visible to users. That's why important code should always be kept outside of your document root and included into files when needed.
solution2
4 2012-06-01 14:45:57
Whilst this offers little protection in the event of a compromised server, should your source code ever become publically viewable, through a bug or other vulnerability (such as this: http://www.php.net/archive/2012.php#id2012-05-06-1 ) an increasingly common approach is to set various credentials and parameters as server environment variables.
Eg in apache vhost/.htaccess you can set an environment variable such as the following:
SetEnv DB_ADDRESS localhost
...
And in your PHP code:
$DB_ADDRESS = getenv('DB_ADDRESS');
Of course you could assign this value to a class constant, global constant depending on your use case etc....
This also makes your source code more portable, allowing different configurations to be provided depending on the hosting environment (staging/production etc):
SetEnv APPLICATION_ENV development - .htaccess interacting with Zend Framework?
Your settings are never hard coded and not accessible in the source code. Heroku uses a similar approach to application configuration.
solution3
3 2012-06-01 13:55:26
Variables are kept within a server, and aren't sent to the client. Unless your script has any vulnerabilities that allow users to output custom variables, then they'll remain secure to anyone without sourcecode access.
solution4
2 2012-06-01 13:55:56
That's the standard way (look at phpmyadmin, mediawiki, etc.) : this php file is not accessible and if you don't make any error in your server settings, it's not readable.
Usually you'll add a test to check this settings file is included in one of your php files :
<?php
if ( !defined('IN_KP') ) die("Hacking attempt");
?>
Of course you define 'IN_KP' in your including files :
<?php
define('IN_KP', true);
include("sensitive_file.php");
?>
But the best protection overall is that those sensitive data aren't so sensitive because your mysql account is only accessible by localhost (if not fix it !).
solution5
2 2012-06-01 13:58:00
Your back-end code should never appear on the front-end, unless something goes terribly wrong with your setup. If that happens and your back-end source code is "leaked" -- unlikely but possible -- then your password will be visible in plain sight.
You can encrypt the password string with a symmetric encryption scheme, but you will have to store the encryption key somewhere. Then if the encryption key gets leaked, you are back to the starting point. It's still a bit better than having the password in plain text, but nothing will be 100% safe.
solution6
1 2012-06-01 13:56:21
For example, is there any way to see variables values while debugging in explorer/chrome?
If you never send them to the view (ie echo, var_dump, print_r, session etc) - then no. The browser will never know about them.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.