dbTalk Databases Forums  

Secure MySQL connection authentication?

comp.databases.mysql



#1 howa - 01-04-2007, 08:35 PM

currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password

are there any suggested solution?

thanks.


#2 Captain Paralytic - 01-05-2007, 03:11 AM

howa wrote:

Quote:
currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password
Hiding it from whom? By putting it in a plain php file, you are hiding
it from all except those who can access the php file. So who else do
you wish to hide it from? The solution depends on this.



#3 howa - 01-05-2007, 07:46 AM

Captain Paralytic wrote:

Quote:
howa wrote:

currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password

Hiding it from whom? By putting it in a plain php file, you are hiding
it from all except those who can access the php file. So who else do
you wish to hide it from. The solution depends on this.
okay, let's consider that it is a Perl script, running on the server, any
advice?

i.e. sometimes you don't even want root to know the password to
the remote DB...



#4 Axel Schwenke - 01-05-2007, 08:36 AM

"howa" <howachen (AT) gmail (DOT) com> wrote:
Quote:
Captain Paralytic wrote:

howa wrote:

currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password
If you are using PHP you should put database account information in a
PHP include file and store that *outside* the web server's document root.

Quote:
Hiding it from whom? By putting it in a plain php file, you are hiding
it from all except those who can access the php file. So who else do
you wish to hide it from. The solution depends on this.

okay, let consider it is a Perl script, running on the server, any
advice?

i.e. sometimes, you even don't want the root to know the password to
the remote DB...
This is not possible. The password must either be given interactively
or in a file. If it's in a file, root can always get a copy of that
file and use it (even if the password itself is encrypted).

There are multiple possibilities to store the password in a file:

- write it in the source (possibly obscured)
- write it in a MySQL option file (i.e. ~/.my.cnf)
- use an SSL certificate, no password but REQUIRE X509 ... in GRANT


XL
--
Axel Schwenke, Support Engineer, MySQL AB

Online User Manual: http://dev.mysql.com/doc/refman/5.0/en/
MySQL User Forums: http://forums.mysql.com/

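Axel's second and third options worked through, as an added example that is not part of the original thread and not MySQL AB code: a small hypothetical Python loader that reads the [client] section of a ~/.my.cnf-style option file, refuses the file unless it is a regular file owned by the current user with no group/other permission bits, and turns the entries (including the ssl-ca / ssl-cert / ssl-key paths you would pair with a REQUIRE X509 grant on the server) into keyword arguments in the style of mysql-connector-python; that keyword mapping, the CLIENT_KEYS table and the account, host and paths in SAMPLE_CNF are assumptions constructed for the demo. The permission check is the caveat a practitioner wants: the mysql client itself only skips an option file that is world-writable, so a world-readable ~/.my.cnf created under a loose umask hands the password to every local user, even though it is safely outside the document root.

```python
"""Added example (hypothetical, not MySQL's or the thread's code): load MySQL
client credentials from a ~/.my.cnf-style option file, private to this user."""
import configparser
import os
import stat
import tempfile
from pathlib import Path

# [client] keys passed through, mapped to mysql-connector-python style keyword
# names (assumption; adapt the right-hand side to your driver).
CLIENT_KEYS = {
    "user": "user", "password": "password", "host": "host", "port": "port",
    "socket": "unix_socket",
    "ssl-ca": "ssl_ca", "ssl-cert": "ssl_cert", "ssl-key": "ssl_key",
}

# Constructed sample option file for the demo: account, host and paths are
# made up and the password is not a real secret.
SAMPLE_CNF = """# ~/.my.cnf for the web application's read-only DB account
[client]
user     = app_ro
password = "example-only-not-a-real-secret"
host     = db.internal.example
port     = 3306
ssl-ca   = /etc/mysql/ssl/ca.pem
ssl-cert = /etc/mysql/ssl/app-client-cert.pem
ssl-key  = /etc/mysql/ssl/app-client-key.pem
"""


class OptionFileError(Exception):
    """The option file is malformed or readable by someone other than us."""


def check_private(path):
    """Require a regular file (no symlink), owned by the calling user, with no
    group/other bits. The mysql client itself only skips *world-writable*
    option files; it reads a world-readable one without complaint."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise OptionFileError(f"{path}: not a regular file")
    if st.st_uid != os.geteuid():
        raise OptionFileError(f"{path}: owned by uid {st.st_uid}, not by us")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise OptionFileError(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} "
                              "exposes the password to other local users; chmod 600 it")


def _unquote(value):
    """Option files allow 'value' or "value"; strip one matching pair."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value


def load_client_options(path):
    """Parse the [client] section into connector keyword arguments."""
    check_private(path)
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    with open(path, encoding="utf-8") as fh:
        parser.read_file(fh)
    if "client" not in parser:
        raise OptionFileError(f"{path}: no [client] section")
    section = parser["client"]
    opts = {}
    for cnf_key, kw in CLIENT_KEYS.items():
        if section.get(cnf_key) is not None:
            opts[kw] = _unquote(section[cnf_key])
    if "port" in opts:
        opts["port"] = int(opts["port"])
    # A daemon cannot answer a prompt: insist on a password or a client cert.
    if "password" not in opts and "ssl_cert" not in opts:
        raise OptionFileError(f"{path}: neither password nor ssl-cert is set")
    return opts


def demo():
    """Write SAMPLE_CNF with mode 0600 and load it, then loosen it to 0644 (a
    careless umask) and show the loader refusing it. Returns (opts, reason)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".my.cnf"
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_CNF)
        os.chmod(path, 0o600)
        opts = load_client_options(path)
        os.chmod(path, 0o644)
        try:
            load_client_options(path)
            rejection = None
        except OptionFileError as exc:
            rejection = str(exc)
    return opts, rejection


if __name__ == "__main__":
    print("after chmod 644:", demo()[1])
```

In a real script you would call load_client_options(Path.home() / ".my.cnf") once at startup and pass the result to your driver's connect() with **opts; the file stays outside the document root, and the loader's refusal of a loose mode turns a silent credential leak into a startup failure someone will notice. As Axel and Gordon say in this thread, none of this hides the password from root on the same host; it only keeps it from other unprivileged users and from the web server serving files.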

#5 Gordon Burditt - 01-05-2007, 07:14 PM

Quote:
currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password

Hiding it from whom? By putting it in a plain php file, you are hiding
it from all except those who can access the php file. So who else do
you wish to hide it from. The solution depends on this.

okay, let consider it is a Perl script, running on the server, any
advice?

i.e. sometimes, you even don't want the root to know the password to
the remote DB...
If your script can know the password, so can root. If you encrypt
the password, your script also has to have the key to decrypt it.
If it isn't necessary to decrypt it, then it *IS* the password.
Some people have attempted this anyway (see Pay TV vendors with
their descrambler boxes) but they get hacked in spite of supposedly
"tamperproof" hardware.




#6 howa - 01-05-2007, 11:28 PM

Gordon Burditt wrote:

Quote:
currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password

Hiding it from whom? By putting it in a plain php file, you are hiding
it from all except those who can access the php file. So who else do
you wish to hide it from. The solution depends on this.

okay, let consider it is a Perl script, running on the server, any
advice?

i.e. sometimes, you even don't want the root to know the password to
the remote DB...

If your script can know the password, so can root. If you encrypt
the password, your script also has to have the key to decrypt it.
If it isn't necessary to decrypt it, then it *IS* the password.
Some people have attempted this anyway (see Pay TV vendors with
their descrambler boxes) but they get hacked in spite of supposedly
"tamperproof" hardware.

consider some applications like e-banking systems; how do they protect your
data from being modified by the `root` account?



#7 Jerry Stuckle - 01-06-2007, 09:32 AM

howa wrote:
Quote:
Gordon Burditt wrote:


currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password

Hiding it from whom? By putting it in a plain php file, you are hiding
it from all except those who can access the php file. So who else do
you wish to hide it from. The solution depends on this.

okay, let consider it is a Perl script, running on the server, any
advice?

i.e. sometimes, you even don't want the root to know the password to
the remote DB...

If your script can know the password, so can root. If you encrypt
the password, your script also has to have the key to decrypt it.
If it isn't necessary to decrypt it, then it *IS* the password.
Some people have attempted this anyway (see Pay TV vendors with
their descrambler boxes) but they get hacked in spite of supposedly
"tamperproof" hardware.



consider some applications like e-banking system, how they protect your
data from being modified by the `root` account?

They can't. Root can do anything.

What they do have are people they can trust, tracking and auditing. So
if something does change they can track it back.

If something can be done, there is always someone who can do it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================


#8 Michael Austin - 01-06-2007, 09:53 AM

howa wrote:

Quote:
Gordon Burditt wrote:


currently we store user/pass in a plain php file, but we want to have a
better method to protect the MySQL login authentication by hiding the
real user name & password

Hiding it from whom? By putting it in a plain php file, you are hiding
it from all except those who can access the php file. So who else do
you wish to hide it from. The solution depends on this.

okay, let consider it is a Perl script, running on the server, any
advice?

i.e. sometimes, you even don't want the root to know the password to
the remote DB...

If your script can know the password, so can root. If you encrypt
the password, your script also has to have the key to decrypt it.
If it isn't necessary to decrypt it, then it *IS* the password.
Some people have attempted this anyway (see Pay TV vendors with
their descrambler boxes) but they get hacked in spite of supposedly
"tamperproof" hardware.



consider some applications like e-banking system, how they protect your
data from being modified by the `root` account?

As Jerry stated, as root - you can do anything, however - root in a database and
root at the OS level *can be* two separate ids where the OS SysAdmin does not
know the root password for the database. However, that does not completely
protect the database - as he can copy that database to his own system, modify
the password and have access to your information. Again, as Jerry stated, there
is a trust-factor.

There are 4 Admins in all shops that must have your company's implicit trust:
the Sys Admin, the DBA, the Network Admin and the SAN Admin. In smaller shops,
there may be one or two people that fill those functions. If you cannot trust
them, they should be terminated as soon as possible.

These 4 Admin-types have tools and methods that allow them to have complete
control over the system AND the data on those systems. Most companies such as
the one for which I work have many people in this capacity.

--
Michael Austin.
Database Consultant


#9 Axel Schwenke - 01-06-2007, 12:13 PM

"howa" <howachen (AT) gmail (DOT) com> wrote:
Quote:
Gordon Burditt wrote:

i.e. sometimes, you even don't want the root to know the password to
the remote DB...

If your script can know the password, so can root. If you encrypt
the password, your script also has to have the key to decrypt it.
If it isn't necessary to decrypt it, then it *IS* the password.
Some people have attempted this anyway (see Pay TV vendors with
their descrambler boxes) but they get hacked in spite of supposedly
"tamperproof" hardware.

consider some applications like e-banking system, how they protect your
data from being modified by the `root` account?
By encrypting the data and *NOT* storing the key on the computer. Then
all root can get is encrypted data. But all depends on how "secure"
things need to be. Perfect security is an illusion. The best you can
get is sufficient security. This is when the costs for a successful
attack are higher than the value of the protected good.

The traditional use-more-than-once password is already a compromise,
sacrificing security for simplicity. A password entered on the keyboard
should be considered exposed (keyloggers exist, even in pure software)
and must never be re-used. If this is a viable attack vector you need
external hardware like key tokens or smartcard terminals.


XL
--
Axel Schwenke, Senior Software Developer, MySQL AB

Online User Manual: http://dev.mysql.com/doc/refman/5.0/en/
MySQL User Forums: http://forums.mysql.com/


#10 Jerry Stuckle - 01-06-2007, 04:36 PM

Axel Schwenke wrote:
Quote:
"howa" <howachen (AT) gmail (DOT) com> wrote:

Gordon Burditt wrote:


i.e. sometimes, you even don't want the root to know the password to
the remote DB...

If your script can know the password, so can root. If you encrypt
the password, your script also has to have the key to decrypt it.
If it isn't necessary to decrypt it, then it *IS* the password.
Some people have attempted this anyway (see Pay TV vendors with
their descrambler boxes) but they get hacked in spite of supposedly
"tamperproof" hardware.

consider some applications like e-banking system, how they protect your
data from being modified by the `root` account?


By encrypting the data and *NOT* storing the key on the computer. Then
all root can get is encrypted data. But all depends on how "secure"
things need to be. Perfect security is an illusion. The best you can
get is sufficient security. This is when the costs for a successful
attack are higher than the value of the protected good.

The traditional use-more-than-once password is already a compromise,
sacrificing security for simplicity. A password entered on the keyboard
should be considered exposed (keyloggers exist, even in pure software)
and must never be re-used. If this is a viable attack vector you need
external hardware like key tokens or smartcard terminals.


XL
--
Axel Schwenke, Senior Software Developer, MySQL AB

Online User Manual: http://dev.mysql.com/doc/refman/5.0/en/
MySQL User Forums: http://forums.mysql.com/
Even encrypting the data isn't foolproof. The code (and key) to decrypt
the data must be on the server, and that can be copied. Or, the key
must be entered from a terminal. And someone with root access can
easily intercept the incoming key.

If you want absolute security, put it on your own machine that only you
can access, lock that machine in a vault and don't give anyone else the
combination.

Of course, someone could also break into the vault...

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================


Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.