Another solution is DO NOT store passwords and usernames in the database
file. Rather, store a hash of the password and username using the php MD5()
function. Something like:
$username = $HTTP_POST_VARS['user']; # from FORM page
$password = $HTTP_POST_VARS['pw']; # from FORM page
$hash = md5($username.$password);
$query = "SELECT * FROM usertable WHERE hash=$hash";
$result = mysql_query($query) or die("Error");
if( mysql_num_rows($result) != 1 ) { die("Error - User does not exist");
exit };
Previously, when setting up the user account, you did the following:
$username = $HTTP_POST_VARS['user']; # from FORM page
$password = $HTTP_POST_VARS['pw']; # from FORM page
$hash = md5($username.$password);
$query = "INSERT INTO usertable (hash) VALUES($hash)";
mysql_query($query);
rick
-----Original Message-----
From: Paul Burney [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 8:56 AM
To: PHP Database List
Subject: Re: [PHP-DB] How can you hide database login passwd in your
script?
>> That does not stop another php user fopen'ing your config file.
This is a point that needs to be stressed. The other posts about keeping db
connection info outside of the web tree and naming the files .php are good
ones, but even with them, there can be major security problems on a shared
virtual host, which many / most hosting providers provide.
For example, a malicious user gets an account on a shared host with PHP
(probably Perl, too) installed. They then do an fopen on the /etc/passwd
file to see which users are on the machine and where their directories are.
If shadow passwords aren't used, they also get the encrypted password.
With that knowledge they can use the standard PHP directory commands like
dir to get a listing of all the files in a user's home directory and then
they can fopen whichever one they'd like.
In these setups, the same user (nobody, www, etc.) has read access to all of
these files. If it didn't, you script wouldn't work. Once a user finds a
password for a mysql database, they can just:
DROP database_name
or
DELETE FROM table_name
Possible solutions:
1) Run your own server (not possible in many cases)
2) Run php in safe mode (something a hosting provider must do, will break
some/many apps)
3) Make sure that your mysql users have only the necessary permissions,
i.e., don't give the user insert/update/delete privs if they only need to
SELECT.
4) Don't store sensitive data in databases on shared servers.
5) Backup everything from databases regularly and hope you never really need
to use them.
Hope that helps.
Sincerely,
Paul Burney
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Paul Burney
Webmaster && Open Source Developer
UCLA -> GSE&IS -> ETU
(310) 825-8365
<[EMAIL PROTECTED]>
<http://www.gseis.ucla.edu/>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
