
How to protect the connection string in a Yii app?

I'm hosting a Yii app on a shared host with some of my friends, and I keep the database on a private MySQL server. As you know, the database info can be found very easily in protected\config\main.php by another host owner (my friends and more):

'db'=>array(
     'connectionString' => 'mysql:host=211.113.2.45;dbname=FamilyBook',
     'emulatePrepare' => true,
     'username' => 'root',
     'password' => 'xcute445',
     'charset' => 'utf8',
),

Is there any way to conceal connection information such as the MySQL server IP, username, and password?

Does MySQL server provide an RSA mechanism to protect database info?

For example, anyone can see the values below but cannot understand or use them:

'db'=>array(
     'connectionString' => '57bf064b2166366a5ea61109006b8d5c',
     'emulatePrepare' => true,
     'username' => '63a9f0ea7bb98050796b649e85481845',
     'password' => 'e04ccf211208f8c97e4a36e584926e60',
     'charset' => 'utf8',
), // value by MD5 function, example only

No, you cannot conceal the credentials from someone who has access to your source as long as you are using native MySQL authentication. That's because your code needs to pass the credentials as cleartext¹ to the server, so it needs to be able to "decrypt" them before connecting. Someone who has access to your source can follow the same procedure and decrypt them as well.

You could secure your system by relying on some type of PAM authentication instead of user-supplied credentials, but Yii does not support such.


¹note: This is not actually true. The client passes a hash to the server, but it needs to have access to the original password in order to hash it. This means that for the purposes of this discussion it makes no difference (it would make a difference for someone who is listening on the network).

Using Yii 1.x, I did it using the method below.

  1. Create a class, DbConnection, inside protected/components, extending from CDbConnection:

         class DbConnection extends CDbConnection
         {
             public function createPdoInstance()
             {
                 // Decrypt the password used in config file
                 // eg: $this->password = mydecrypt($this->password);
                 return parent::createPdoInstance();
             }
         }

  2. Adjust the config file (protected/config/main.php):

         'db' => array(
             'class' => 'DbConnection', // Use above classname
             'password' => 'encryptedpassword',
         ),
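
Added example, not part of the original answers and not Yii's own code: one way to fill in the `mydecrypt()` placeholder above with authenticated encryption and a key kept outside the source tree. The key file path, the `base64(nonce . ciphertext)` storage format, and the helpers `loadDbKey()` and `myencrypt()` are assumptions made for illustration; it assumes Yii 1.x running on PHP 7.2 or later with the sodium extension.

```php
<?php
// Added example. DB_KEY_FILE, loadDbKey() and myencrypt() are hypothetical names;
// the key file is assumed to hold exactly 32 random bytes, outside the web root.
define('DB_KEY_FILE', '/home/appuser/secrets/db.key');

function loadDbKey()
{
    $key = @file_get_contents(DB_KEY_FILE);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new CException('Database key file is missing or malformed.');
    }
    return $key;
}

// One-off helper, run from the CLI, to produce the value stored in main.php.
function myencrypt($plain, $key)
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function mydecrypt($encoded, $key)
{
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new CException('Encrypted password is not valid base64 data.');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        throw new CException('Could not decrypt the database password.'); // fail closed
    }
    return $plain;
}

class DbConnection extends CDbConnection
{
    private $_decrypted = false;

    protected function createPdoInstance()
    {
        if (!$this->_decrypted) { // decrypt once, even if the connection is reopened
            $this->password = mydecrypt($this->password, loadDbKey());
            $this->_decrypted = true;
        }
        return parent::createPdoInstance();
    }
}
```

This only helps while the key file is unreadable to the other accounts on the host; as the first answer explains, anyone who can read both the config and the key can repeat the decryption.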
