php/mysql security question (was Re: [ale] [OT] web hosting (php/mysql/apache) suggestions?)

J.M. Taylor jtaylor at onlinea.com
Wed Jun 4 10:12:07 EDT 2003


Dylan,

This is an interesting issue.

The first thing is that I always put my password file outside the
web-accessible directory, and include it NOT as a variable.  IE, my
include statement is include_once('/path/outside/web/config.php').  If you
use a variable for that path, make 100% sure that you initialize it
somewhere, that globals are not on, and that you know deep in your heart
that nobody can pass you a GET, POST, or COOKIE var that will overwrite
that variable name. Includes can be dangerous creatures.

The second thing is that even tho it's outside the web directory, I make
it a PHP script.  IE, username, host, password, and database name are all
variables wrapped in the php open/close tags.  That way if someone *does*
manage to display it to their browser, they get a blank screen and all
that happens is your variables get initialized.

That's as safe as you can be and stay sane.  There are other, overkill
sort of things you can do here, most of which I've tried.  They all have
their problems and don't increase the security enough to justify the
headache...in fact most other things just give you a false sense of
security.  Please if someone on the list has things they've tried that
don't fall into that category, let me know!! :)

There's no substitute for limiting permissions in your database.  One user
per application, one config file per application. Use good passwords but
not passwords or usernames that have any connection to users on your
system or even users in your application if they're logging in via the web
(ie, don't let a web user or, god forbid, a shell user named 'joe' with a
password of '1n5ekur3' also be a database user with the same username and
password).  NEVER use your mysql root password in ANY web config thing
EVER for ANY REASON no matter what worthless crap like phpMyAdmin tells
you.

I've done this a lot, and I still look for ways to make the setup more
secure. I'd be interested to see what others do along these lines, this is
just my best practices from a few years in the field.

HTH
jenn



Dylan Northrup said:
> Here's the situation as I see it:
> - .php files need to be 644 in order for Apache to be able to read them
> - I can't make them 640 and chgrp them to the apache group since I'm not
>   a part of the apache group (and even if I did, other folks in group
>   apache could read my files as well)
> - The reading of the .php files is important because I have to put my
>   mysql password in the mysql_connect statement and if someone has my
>   mysql password, they have access to my data.
>
> Now, I don't have anything important in there right now, so it's not a
> big deal, but I'd prefer other people not being able to muck with my
> data. Anyone else run into this issue?  If so, how did you deal with it?



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
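
Added example, not part of the original message or thread: one way to lay out the setup described in the reply above, with the credentials file included by a literal path and any variable include resolved through a fixed allowlist. The pages/ files, the variable names expected in config.php, and the use of mysqli (in place of the mysql_connect call mentioned in the thread, which current PHP no longer provides) are assumptions.

```php
<?php
// Added example; every path and name below is a hypothetical placeholder.

// Literal path: no request data can influence which file is loaded.
const CONFIG_FILE = '/path/outside/web/config.php';

// Deployment check: refuse to run if the config sits under the web root.
function assert_outside_docroot(string $file, string $docroot): void
{
    $real = realpath($file);
    $root = realpath($docroot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config or document root not found');
    }
    if (strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0) {
        throw new RuntimeException('config file is inside the document root');
    }
}

// When an include must vary, map the request value onto a fixed allowlist
// instead of building a path from it.
function resolve_page(string $requested): string
{
    $pages = [
        'home'    => __DIR__ . '/pages/home.php',
        'contact' => __DIR__ . '/pages/contact.php',
    ];
    // Unknown keys fall back to a known file; the request value never
    // becomes part of a filesystem path.
    return $pages[$requested] ?? $pages['home'];
}

assert_outside_docroot(CONFIG_FILE, $_SERVER['DOCUMENT_ROOT']);

// config.php is itself a PHP script that only assigns
// $db_host, $db_user, $db_pass and $db_name, so fetching it prints nothing.
include_once CONFIG_FILE;

// The account in config.php is this application's own low-privilege user,
// never the MySQL root account.
$db = new mysqli($db_host, $db_user, $db_pass, $db_name);

$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';
include resolve_page($page);
```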