以安全的方式在PHP应用程序中存储MYSQL的密码 [英] Storing passwords for MYSQL in PHP application in a secure manner

问题描述

我有一个php应用程序，可从代码连接到数据库.我在徘徊什么是安全的方式来存储这些凭据?这是一台linux服务器.

我只是想听听一些见识的见解，以获取见闻的见解myslef与我的团队讨论.我反对加密任何密码，但是我的团队不相信.

我认为，如果密码得到加密，那么我们也需要将解密密钥也以纯文本形式存储在某处，从而使整个演出毫无意义.

解决方案

没有安全方式".一种或另一种方式是，必须对密码进行解密/解密，以便将其发送到数据库库以建立连接.

充其量，将登录信息存储在站点文档根目录之外的文件中.这不是万能的，但是至少如果您服务器的配置被破坏并开始提供php源而不是执行它，它不会让您的凭据泄漏出去，因为该文件将无法直接访问. >

I have a php application that connects to the database from the code. I am wandering what would be some secure ways of storing these credentials? This is a linux server.

EDIT: I just want to hear some informed opinions to get an informed opinion myslef to discuss it with my team. I am against encrypting any passwords, but my team is unconvinced.

I think that if passwords get encrypted, then we would need to store the decryption keys somewhere in plain text as well, thus making the whole gig pointless.

解决方案

There is no "secure manner". One way or another, the password will have to be decrypted/unobfuscated so it can be sent to the DB library to establish the connection.

At best, store the login info in a file OUTSIDE of your site's document root. This isn't a cure-all, but at least if your server's config becomes broken and starts serving up php source instead of executing, it won't let your credentials leak out, because the file won't be directly accessible.

这篇关于以安全的方式在PHP应用程序中存储MYSQL的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！