Encrypt database passwords in a conf file


I have a PHP system with a config.php file where the database passwords are stored. The problem is that the passwords stored in this file are very exposed. I would like to know a safer way of storing these passwords.

Below is part of the code:

define ("TIPO_BANCO", "pgsql"); # Type of database used, e.g. pgsql
define ("LOCALHOST", "localhost");
define ("PORTA", "5432");
define ("BANCO", "teste1");
define ("USUARIO", "teste1");
define ("SENHA", "teste1");


define ("LOCALHOSTCG","localhost");
define ("PORTACG", "5432");
define ("BANCOCG", "teste2");
define ("USUARIOCG", "teste2");
define ("SENHACG", "teste2");
    
asked by anonymous 17.08.2016 / 17:03

2 answers


I will not say that it is not possible, but think of it as follows. To access this file you must have access to the server; if an unauthorized person is already inside your server, they can probably access your database even without this configuration file.

Another point that must be taken into account: to encrypt the data you would need a round-trip algorithm, that is, one that can encrypt and then decrypt, otherwise you will never be able to access the database.

At this point you may be thinking this is a good idea, but unfortunately you will only have the same problem, because the encryption key will be exposed in the same way as the configuration file, since you will need it to decrypt and connect to the database, and with it it will be possible to decrypt the database data. Basically it's the same thing as locking a safe and leaving a note on the door stating the combination.

I hope I have helped in some way.

    
17.08.2016 / 18:09

Gomes, I had similar doubts when setting up my site/server.

Even if we encrypted the configuration file, somewhere else in our PHP we would have to enter the password to access the file.

The security recommendations I found are (note: they are valid for PHP-FPM with nginx on Linux; I don't know to what extent they apply to other systems):

  • Place the file "above" the root folder of the web server, but still accessible by the PHP process. Ex: if the root of the page is "/var/www/html", put your configuration file in "/var/www/" or another folder. So even if someone can list your files through the web server, the file with the passwords will be out of reach.
  • Remove all "group" and "other" permissions from this configuration file.
  • Change the owner of the file to the same user that runs PHP-FPM.
  • This way we approximate the way Linux stores private SSH keys: only the user running PHP-FPM or the root user can access this file.

    I hope I have helped with something.

        
    17.08.2016 / 19:24
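The three recommendations in the answer above, turned into a small script that applies them and then verifies them. This is an added example, not code from the question or either answer; it assumes a Linux host with GNU `stat`, and the paths and the `www-data` user in the usage comment are placeholders to adapt to your server.

```shell
#!/bin/sh
# Added example: harden a PHP config file the way the answer describes
# (outside the document root, no group/other permissions, owned by the
# PHP-FPM user) and check that the result actually holds.

# harden_config FILE OWNER: hand FILE to OWNER and strip group/other access.
harden_config() {
    _file=$1
    _owner=$2
    chown "$_owner" "$_file" || return 1
    chmod 600 "$_file" || return 1
}

# check_config FILE OWNER DOCROOT: return 0 only if FILE is not under
# DOCROOT, is owned by OWNER, and has mode 600 (or the stricter 400).
# Prints the first failed condition to stderr so it can be used in a cron
# or deploy check.
check_config() {
    _file=$1
    _owner=$2
    _docroot=$3
    case "$_file" in
        "$_docroot"/*)
            echo "config is inside the document root: $_file" >&2
            return 1 ;;
    esac
    _mode=$(stat -c '%a' "$_file") || return 1
    _user=$(stat -c '%U' "$_file") || return 1
    if [ "$_user" != "$_owner" ]; then
        echo "owner is $_user, expected $_owner" >&2
        return 1
    fi
    case "$_mode" in
        600|400) ;;
        *)
            echo "mode is $_mode, expected 600 or 400" >&2
            return 1 ;;
    esac
    return 0
}

# Usage with placeholder values (assumed paths and user, adapt to your host):
#   harden_config /var/www/config.php www-data
#   check_config  /var/www/config.php www-data /var/www/html
```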