Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-28 Thread Jason Wong
On Monday 28 February 2005 19:33, Simon Rees wrote:

> You said in that post: "Set default MySQL user and password in your
> virtual host container. Then connect to MySQL without specifying user
> and password."
>
> Presumably the file which contains the virtual host directive is
> readable by the process the webserver is running as - if not how does
> this work? 

When Apache starts up it does so as root and thus has the necessary 
privileges to read those files. After it has read all its config files it 
drops root privileges and assumes whichever user you have 
configured httpd to run as.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
New Year Resolution: Ignore top posted posts

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-28 Thread Simon Rees
On Monday 28 February 2005 10:52, Jason Wong wrote:
>
> If you don't need the flexibility of the custom program and would rather
> make use of existing infrastructure:
>
> http://marc.theaimsgroup.com/?l=php-general&m=110137778213700&w=2
You said in that post: "Set default MySQL user and password in your virtual 
host container. Then connect to MySQL without specifying user and 
password."

Presumably the file which contains the virtual host directive is readable by 
the process the webserver is running as - if not how does this work? 
Therefore the technique you describe is no more secure than that described 
earlier of putting the passwords in a file outside the webserver root. 
The technique I described keeps your passwords secret even if an attacker has 
read access to files they shouldn't. A similar strategy is used for the 
shadow password file on Unix boxes.

cheers Simon

-- 
~~
Simon Rees  | [EMAIL PROTECTED]  |
ORA-03113: end-of-file on communication channel
~~




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-28 Thread Jason Wong
On Monday 28 February 2005 18:44, Simon Rees wrote:
> On Sunday 27 February 2005 20:53, Micah Stevens wrote:
> > I think about as safe as you can get is by putting the connection
> > data out of the served directory, somewhere that's not directly
> > accessible, and concentrate on system integrity. (security wise)
>
> A refinement of this technique is available on Unix boxes to which you
> have root access.
> Create a simple program that can read data about passwords etc. from a
> file. Create a file that can be read by the program you've written with
> the 'secrets' you want to keep secure in it. Make this file owned and
> readable only by root.
> Set the program owned by root, executable by everyone and suid.

If you don't need the flexibility of the custom program and would rather 
make use of existing infrastructure:

http://marc.theaimsgroup.com/?l=php-general&m=110137778213700&w=2




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-28 Thread Simon Rees
On Sunday 27 February 2005 20:53, Micah Stevens wrote:
> I think about as safe as you can get is by putting the connection data
> out of the served directory, somewhere that's not directly accessible,
> and concentrate on system integrity. (security wise) 

A refinement of this technique is available on Unix boxes to which you have 
root access. 
Create a simple program that can read data about passwords etc. from a file.
Create a file that can be read by the program you've written with the 
'secrets' you want to keep secure in it. Make this file owned and readable 
only by root.
Set the program owned by root, executable by everyone and suid.

This will allow any user that can execute programs on the machine to obtain 
the password. Attackers who have just 'escaped' the web server root, say by 
taking advantage of a coding flaw, will not be able to read the password 
file. You can use groups to give finer grained access by making the program 
executable by a specific group only. However if an attacker has managed to 
obtain an account on your box they could probably just use a rootkit.

In practice I use a simple c program (for speed) to read the password file 
and a system call in my php script to call the c program. A PHP program 
could be used for reading the password file but will need to be executed by 
a shebang rather than as a parameter to php.

I can post further details if anyone is interested.

cheers Simon

-- 
~~
Simon Rees  | [EMAIL PROTECTED]  |
ORA-03113: end-of-file on communication channel
~~
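
The setuid helper described in the message above, sketched as an added example; it is not Simon's program and not part of the original thread. The secrets path and the function name `read_secret` are assumptions made for illustration, and the binary is assumed to be installed owned by root with the setuid bit set.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical location of the root-only secrets file (assumption). */
#define SECRET_PATH "/etc/dbsecret/mysql.pw"

/* Open path, verify it is a regular file owned by `owner` with no
 * group/other permission bits, and copy its first line into out.
 * Returns 0 on success, -1 on any failure. */
int read_secret(const char *path, uid_t owner, char *out, size_t outlen)
{
    struct stat st;
    ssize_t n;
    int fd;

    if (outlen < 2)
        return -1;
    /* O_NOFOLLOW: refuse a symlink planted at the final path component. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path, so the checks apply to the
     * file actually opened (no check-then-open race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    n = read(fd, out, outlen - 1);
    close(fd);
    if (n <= 0)
        return -1;
    out[n] = '\0';
    out[strcspn(out, "\r\n")] = '\0';   /* keep the first line only */
    return out[0] ? 0 : -1;
}

int main(void)
{
    char secret[256];
    int rc;

    /* The path is compiled in: a setuid helper must not take it from
     * argv or the environment, or it would read any file for any caller. */
    rc = read_secret(SECRET_PATH, 0, secret, sizeof secret);

    /* Permanently drop the setuid-root privilege before producing output. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return 2;
    if (rc != 0) {
        fputs("secret unavailable\n", stderr);
        return 1;
    }
    puts(secret);
    memset(secret, 0, sizeof secret);   /* best-effort wipe of the copy */
    return 0;
}
```

Restricting who may execute the helper (the group-only variant mentioned in the message) is done with file ownership and mode on the installed binary, not in the code.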




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-27 Thread Micah Stevens



>
> The original question was concerning that if someone somehow had access to
> the file which stored the connections details then they would be able to
> use it to connect to the mysql server. Now if someone somehow had access
> to your key then it's game over for you. Unless you password protected
> your key which -- would be extremely impractical.
>

Well, considering that ultimate security is arguably impossible, one needs to 
ride a fine line between impractical and safe. You have a good point though, 
in that PHP has to have access to the private key in order to encrypt the 
information, and we're already assuming the php script lives in an 
insecure environment, so in that case, it's no more secure than the original 
plaintext solution.

The developer needs to set up a situation where the connection details are 
secured and only the php process can access them even if the php script 
itself is compromised. This is tough as if someone compromises the script 
contents itself, they could very likely have access to change it, and 
therefore have access to the php process as well.

I think about as safe as you can get is by putting the connection data out of 
the served directory, somewhere that's not directly accessible, and 
concentrate on system integrity. (security wise) This of course was the 
suggestion of several others initially. 

-Micah 




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-26 Thread Jason Wong
On Sunday 27 February 2005 07:11, Micah Stevens wrote:
> Well, yes, but as my key is never transmitted from client to server,
> it's safer. ;)
>
> I encrypt a connect request with my private key, which can be
> unencrypted by the public key, but the server knows it's me because
> only the private key can make the encryption. The message is sent over
> the network, but none of the tools to create it or read it are.

The original question was concerning that if someone somehow had access to 
the file which stored the connections details then they would be able to 
use it to connect to the mysql server. Now if someone somehow had access 
to your key then it's game over for you. Unless you password protected 
your key which -- would be extremely impractical.




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-26 Thread Micah Stevens
Well, yes, but as my key is never transmitted from client to server, it's 
safer. ;) 

I encrypt a connect request with my private key, which can be unencrypted 
by the public key, but the server knows it's me because only the private key 
can make the encryption. The message is sent over the network, but none of 
the tools to create it or read it are.

-Micah 


On Friday 25 February 2005 08:59 pm, Jason Wong wrote:
> On Saturday 26 February 2005 04:16, Micah Stevens wrote:
> > I was just thinking that a better way to do this is with a
> > public/private key set. Then it would be secure, but as someone else
> > mentioned, you'd have to patch the source to make it work.
>
> How would it be safer? Correct me if I'm wrong: if I have access to your
> key then I can connect.



Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Jason Wong
On Saturday 26 February 2005 04:16, Micah Stevens wrote:

> I was just thinking that a better way to do this is with a
> public/private key set. Then it would be secure, but as someone else
> mentioned, you'd have to patch the source to make it work.

How would it be safer? Correct me if I'm wrong: if I have access to your 
key then I can connect.




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Micah Stevens
You can't unhash MD5.. it's one way only. You could encrypt something and 
unencrypt it later, but it's not clear what advantage you would get out of 
what you're saying. 

Perhaps I don't understand, but if you have a separate connection file, why 
would you need to pass a password at all? 

-Micah 


On Friday 25 February 2005 09:11 am, Bob Sherer wrote:
> You could programmatically build the connection string in the php
> connection file, couldn't you?  Have a line that sets a variable equal to
> the MD5 hashed value.  Then, build the connection string, applying a call
> to a function that unhashes the password.  That way, the password itself
> never appears in code.
>
> I don't know a thing about unhashing MD5 encrypted strings.  Sorry I can't
> help you there.  But, it sounds like you've already found that info.
>
> Good luck,
>
> Bob Sherer
>
> -----Original Message-----
> From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 24, 2005 10:54 AM
> To: Gael Lams
> Cc: php-db@lists.php.net
> Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of
> clear password
>
> On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote:
> > Hi all
> >
> > I use the classic following rows to connect to a mysql
> > database. I always put $password in clear in the php
> > connection file and I wonder whether there is a way to
> > have it in md5 so that someone reading the file could
> > not use it to connect to the db. I googled a bit but
> > find only threads explaining how to have password
> > saved in md5 inside a mysql table which is not what I would
> > like to do
>
> Because MySQL is using another password-hashing-algorithm other than
> MD5, as far as I know, it is not possible.




RE: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Bob Sherer
You could programmatically build the connection string in the php connection 
file, couldn't you?  Have a line that sets a variable equal to the MD5 hashed 
value.  Then, build the connection string, applying a call to a function that 
unhashes the password.  That way, the password itself never appears in code.

I don't know a thing about unhashing MD5 encrypted strings.  Sorry I can't help 
you there.  But, it sounds like you've already found that info.

Good luck,

Bob Sherer

-----Original Message-----
From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 24, 2005 10:54 AM
To: Gael Lams
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of
clear password


On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote:
> Hi all
> 
> I use the classic following rows to connect to a mysql
> database. I always put $password in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not what I would
> like to do

Because MySQL is using another password-hashing-algorithm other than
MD5, as far as I know, it is not possible.




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Martin Norland
[never made it to list, no idea why - been 26 hours - resending.]
[ may have been since it had reply-to field before to - funny...]
Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $password in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not what I would
> like to do
[snip]
No.  Think about it - if your script is able to connect using this MD5
hash of the password - anyone who could read that script could similarly
just connect using the MD5.  Store your password in an included file
outside of the webroot.
Cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International
Outreach x3257
The opinion(s) contained within this email do not necessarily represent
those of St. Jude Children's Research Hospital.


Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Micah Stevens

I was just thinking that a better way to do this is with a public/private key 
set. Then it would be secure, but as someone else mentioned, you'd have to 
patch the source to make it work. 

-Micah 


On Friday 25 February 2005 07:29 am, Robby Russell wrote:
> On Thu, 2005-02-24 at 02:37 -0800, Gael Lams wrote:
> > Hi all
> >
> > I use the classic following rows to connect to a mysql
> > database. I always put $password in clear in the php
> > connection file and I wonder whether there is a way to
> > have it in md5 so that someone reading the file could
> > not use it to connect to the db. I googled a bit but
> > find only threads explaining how to have password
> > saved in md5 inside a mysql table which is not what I would
> > like to do
> >
> > Regards,
> >
> > Gaël
> >
> > function SQLConnect()
> > {
> >     $server_name = 'localhost';
> >     $db_name = 'cmsdb';
> >     $user_name = 'user';
> >     $password = 'clearpassword';
> >
> >     if (!$dbconnect = mysql_connect($server_name, $user_name, $password))
> >     {
> >         echo "Connection failed to the host 'localhost'.";
> >         exit;
> >     }
> >     if (!mysql_select_db($db_name))
> >     {
> >         echo "Cannot connect to database '$db_name'.";
> >         exit;
> >     }
> > }
>
> You could probably do this if you managed to take the mysql source code
> and changed the login functions.
>
> ..but if someone can see your password in MD5 format..could they then
> not login with the same privileges as with your plain text?
>
> -Robby



Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Robby Russell
On Thu, 2005-02-24 at 02:37 -0800, Gael Lams wrote:
> Hi all
> 
> I use the classic following rows to connect to a mysql
> database. I always put $password in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not what I would
> like to do
>
> Regards,
>
> Gaël
>
> function SQLConnect()
> {
>     $server_name = 'localhost';
>     $db_name = 'cmsdb';
>     $user_name = 'user';
>     $password = 'clearpassword';
>
>     if (!$dbconnect = mysql_connect($server_name, $user_name, $password))
>     {
>         echo "Connection failed to the host 'localhost'.";
>         exit;
>     }
>     if (!mysql_select_db($db_name))
>     {
>         echo "Cannot connect to database '$db_name'.";
>         exit;
>     }
> }

You could probably do this if you managed to take the mysql source code
and changed the login functions.

..but if someone can see your password in MD5 format..could they then
not login with the same privileges as with your plain text? 

-Robby

-- 
/***
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON  | www.planetargon.com
* Portland, OR  | [EMAIL PROTECTED]
* 503.351.4730  | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
* --- Now hosting Ruby on Rails Apps ---
/




Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread graeme
Not answering your question but I'd put the connect info into a separate 
include file. This should then be placed in a directory that can be 
accessed by the Web Server but not by any other user (except root). Then 
when you need to establish a connection you just need to include the file.

graeme.

Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $password in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not what I would
> like to do
>
> Regards,
>
> Gaël
>
> function SQLConnect()
> {
>     $server_name = 'localhost';
>     $db_name = 'cmsdb';
>     $user_name = 'user';
>     $password = 'clearpassword';
>
>     if (!$dbconnect = mysql_connect($server_name, $user_name, $password))
>     {
>         echo "Connection failed to the host 'localhost'.";
>         exit;
>     }
>     if (!mysql_select_db($db_name))
>     {
>         echo "Cannot connect to database '$db_name'.";
>         exit;
>     }
> }
		

 

--
Experience is a good teacher, but she sends in terrific bills.
Minna Antrim


Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Micah Stevens

Nope, the login function uses cleartext. Put your connect function in a 
separate file in a secure directory, and include() it to make the connection. 

That seems to be the way to do it, someone else may have a better idea. 

-Micah

On Thursday 24 February 2005 02:37 am, Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $password in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not what I would
> like to do
>
> Regards,
>
> Gaël
>
> function SQLConnect()
> {
>     $server_name = 'localhost';
>     $db_name = 'cmsdb';
>     $user_name = 'user';
>     $password = 'clearpassword';
>
>     if (!$dbconnect = mysql_connect($server_name, $user_name, $password))
>     {
>         echo "Connection failed to the host 'localhost'.";
>         exit;
>     }
>     if (!mysql_select_db($db_name))
>     {
>         echo "Cannot connect to database '$db_name'.";
>         exit;
>     }
> }



Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Martin Norland
Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $password in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not what I would
> like to do
[snip]
No.  Think about it - if your script is able to connect using this MD5 
hash of the password - anyone who could read that script could similarly 
just connect using the MD5.  Store your password in an included file 
outside of the webroot.

Cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.



Re: [PHP-DB] password in md5 to connect to mysql instead of clear password

2005-02-25 Thread Jon-Eirik Pettersen
On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote:
> Hi all
> 
> I use the classic following rows to connect to a mysql
> database. I always put $password in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use it to connect to the db. I googled a bit but
> find only threads explaining how to have password
> saved in md5 inside a mysql table which is not what I would
> like to do

Because MySQL is using another password-hashing-algorithm other than
MD5, as far as I know, it is not possible.
