Protect secret configuration file

3

I have a file isolated from others called config.php . It holds information from 3 databases and some sensitive passwords, but necessary for the functioning of the system as a whole. I wanted to protect this file somehow, anyone who accesses my server and finds it will be able to read the information it contains and disrupt my system later. Is there any solution for this?

    
asked by anonymous 07.03.2015 / 13:25

3 answers

5

If these passwords are required for system operation, then they must be available in the original (or equivalent) format for this system, either on disk or in memory. 100% protection is therefore impossible, but you can take some steps to limit your access.

First, make a list of who you trust and whom you do not trust:

  • Who has physical access to the server, who owns the root password, and who accesses the account that owns this settings file, you need to trust them - there is nothing that you you can do to prevent them from accessing the file;
  • If you do not trust other server users, securing the file with chmod is a means of limiting your access (this is a good thing to do anyway). I suggest 600 - the owner can read and write, the group and the others can not do anything.
  • If you trust the operators, but want to avoid their accidental access to the data (eg, they have opened it to solve a problem, and have eventually seen the password), you may want to code them somehow, for example on base64.
  • In all cases, keep this file inaccessible via the internet - either outside the root of your website / application, or be protected with access controls (eg .htaccess ). >
Finally, an option for more "paranoid" cases (which may be necessary in case of extremely sensitive data, but most of the time is exaggeration) is to encrypt such sensitive data, requiring a password for its decryption. So by giving the boot on the system, the operator would enter this password, which would decipher the other data and store it in memory only - and preferably in a memory region that does not suffer swap . The obvious disadvantage of this approach is that if the server needs to be restarted the password will have to be supplied again - causing loss of availability if the authorized operator is not present.

A middle ground would be to use a hardware module to do this decryption, so the trust requirements boil down to those who have physical access to the machine (ie not even root ) could decrypt sensitive data ). It remains however the possibility of the root user to use a process to read the memory of another, but I do not know how feasible / likely this scenario is.     

08.03.2015 / 01:18
5

There is not much to do. You can protect from external access with traditional means and protect the entire server so that it does not have undue access but someone on the server is difficult to protect this information.

Some will say to encrypt the file or at least sensitive data. But with access to the server the decrypted data or the form of decrypting is available as well.

If the intent is to protect from external access you can put the file outside the website area in a separate directory probably in a hierarchy below. This will do enough.

If your website is in /http/public , you can put it in /http .

If you can not do this, you can set .htaccess to:

<files config.php>
order allow,deny
deny from all
</files>

Another obvious way is to limit access with chmod permissions. Never put 777, probably a 400 will suffice. But this alone is not enough.

    
07.03.2015 / 13:37
3
One of the ways that you can use to block access to this file would be through a rule via .htaccess file, specifying the file in the <Files> :

<Files "config.php">
  Order Allow,Deny
  Deny from all
</Files>

If you need to do the same with other files, you can use the <FilesMatch> / a>, it does the same thing as <Files> , but accepts regular expressions.

<FilesMatch "config\.php|function\.php|include\.php">
  Order allow,deny
  Deny from all
</FilesMatch>
    
07.03.2015 / 13:37