a better approach than storing mysql password in plain text in config file?


Question

It's always bothered me that many PHP programs require the user to store the mysql password in plain text (in a string or constant) in a configuration file in the application's root.

Is there any better approach to this after all these years?

So far I have come up with two minimal security boosts:

  1. make the file unreadable via the web using rules in .htaccess (in case php fails or there's a security vulnerability to read php source)

  2. destroy the password in memory after the db connect is made (unset) (to prevent string dumps from a security breach, injection, etc.)

but of course neither of those solves the original problem.

Thanks for any other ideas!

Recommended answer

Since your code will need the password there is no perfect security. But you can make it hard to recover.

I put some hash in my web config, as an environment variable, say MYSQL_PASS_HASH

Then I do something like md5(getenv('MYSQL_PASS_HASH').'gibberish$qwefsdf') which is then the password. Of course you should unsetenv after that if you're paranoid.

Your password will not literally be stored somewhere, and it can be recovered only when someone has both your web config and your database include.

This happens in a file outside of the webroot (don't put all your trust in .htaccess).
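The split-secret scheme the answer describes, written out as an added example (this is not code from the answer's author or from any project): one fragment arrives through the environment variable `MYSQL_PASS_HASH` named in the answer, the other is a constant in an include file kept outside the webroot, and the MySQL account password is the hash of the two joined. The constant name `DB_PASS_SALT`, the functions `derive_db_password()` and `connect_db()`, the DSN and the account name `app_user` are all assumptions made for the example.

```php
<?php
// Added example illustrating the answer's approach; not the original page's code.
// Assumed: this file lives outside the webroot (e.g. /srv/app/config/db.php) and
// the web server config exports MYSQL_PASS_HASH as an environment variable.
declare(strict_types=1);

// Hypothetical in-file secret. On its own it reveals nothing; an attacker needs
// this file AND the environment fragment to reconstruct the password.
const DB_PASS_SALT = 'gibberish$qwefsdf';

/**
 * Combine the environment fragment with the in-file secret, as in the answer.
 * md5() is used because that is what the answer does; the output is only ever
 * used as the MySQL account's password, so the same derived value must be set
 * once on the account (e.g. ALTER USER ... IDENTIFIED BY '<derived value>').
 */
function derive_db_password(string $envFragment, string $salt): string
{
    return md5($envFragment . $salt);
}

/**
 * Open the database connection, then drop both halves of the secret from
 * process memory so a later variable dump does not expose them.
 */
function connect_db(): PDO
{
    $fragment = getenv('MYSQL_PASS_HASH');
    if ($fragment === false || $fragment === '') {
        // Fail closed: a missing fragment must not silently fall back to a default.
        throw new RuntimeException('MYSQL_PASS_HASH is not set in the environment');
    }

    $password = derive_db_password($fragment, DB_PASS_SALT);

    $pdo = new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4', // assumed DSN
        'app_user',                                         // assumed account
        $password,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );

    // "unsetenv" step from the answer: putenv() with no "=value" removes the variable.
    putenv('MYSQL_PASS_HASH');
    unset($password, $fragment);

    return $pdo;
}

$db = connect_db();
```

Two caveats for anyone adopting this: `putenv()` does not clear copies of the variable that PHP may already have placed in `$_ENV` or `$_SERVER`, so check those superglobals in your SAPI; and because the derived value is deterministic, the scheme raises the bar (two artifacts instead of one) rather than removing the password from the server, which is exactly the limitation the answer states up front.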
