LinuxQuestions.org


dubya 03-10-2006 04:13 PM

Sensitive MySQL info in readable PHP file
 
Hi,

I have a personal website written in PHP whose content I control through a MySQL database. On each page I call a function to connect to the database. This function contains my database username and password in plain text, in order to connect. I didn't realize it, but anyone else with a user account on the server could easily browse into my public_html directory and take a look at the file containing this function, which would reveal my username and password.

Changing permissions won't work because the file with the function needs to be readable by all in order to include it in public files. I've thought there might be a way to leave the function public while hiding the username and password in a global variable defined elsewhere, hidden.

I've been doing this for a while but didn't realize the possible security breach until recently and haven't found a solution yet although I'm sure one must exist. Any help would be greatly appreciated.

PenguinPwrdBox 03-10-2006 08:39 PM

Quote:

I've thought there might be a way to leave the function public while hiding the username and password in a global variable defined elsewhere, hidden.

chown it to apache:apache, chmod 400

dubya 03-10-2006 08:49 PM

chown says that apache is an invalid user. Do I need to be root to do this? Because I don't have root access, only regular user access.

paulsm4 03-11-2006 12:34 AM

Hi -

PenguinPwrdBox is saying that, if you have confidential information (like a password) in your .php source file, then you need to restrict who can read that file.

Of course, he's right.

When he said "chown apache:apache myfile.php", he meant to change to whatever username/group your web server runs in. It's often "apache/apache", but you'll need to find this out yourself.

When you say "I don't have root privileges", you don't necessarily need to be "root" ... but you DO need enough privileges to change your file's owner/group.

And having changed it, you'll probably want to be a member of the group that can still read (and preferably also modify) your source file.

'Hope that helps .. PSM

Hko 03-11-2006 09:10 AM

You could also try to have the PHP script read the file using fopen() + fread() or fgets().

You can then store it in another directory, and it doesn't have to be readable by the public ("other"). But you do need to find some way to make it readable by the web-server (apache).

BTW, on Debian apache doesn't run as user "apache" but instead as "www-data".

graemef 03-11-2006 09:18 AM

Quote:

Originally Posted by Hko
You could also try to have the PHP script read the file using fopen() + fread() or fgets().

Yes, but including or requiring the file is much simpler to code.

PHP Code:

require_once "password.inc";

taylor_venable 03-13-2006 03:16 PM

But even in this case (reading from a separate file), the password file still needs to be readable by the webserver, which puts it right back into the same situation as if the info were directly in the PHP file itself. (And using a PHP include statement, it technically is.)

The reason this kind of information isn't exposed is because any PHP file getting sent out by the web server gets processed before it is sent out. Hence, your password can't be seen unless it is downloaded using an alternative (e.g. FTP) method. Of course, any sensitive data of this nature should not be publicly accessible by any method other than HTTP or HTTPS.

dubya 03-13-2006 03:31 PM

I'm confident that in order to access this file, you need to have a valid login to the server, not just anonymous. The appropriate user name is indeed www-data, but I don't have the permission to change the file's owner. Putting the information in a separate file then including it or using fopen simply, as taylor stated, puts me in the same situation as if the info was in the same file.

How is this usually done on websites where security is a big issue? I realize a big problem here is that there are many users that I don't know who could access the file instead of being able to control the users on the server.
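
Added example, not part of any post in this thread: a shell function that checks a credentials file for the exposures discussed above (stored under the web root, readable by "other"), plus a write-permission check that goes slightly beyond the thread. The file and directory paths passed to it are assumptions, as is the function name.

```shell
#!/bin/sh
# Added example: audit a credentials file for the exposures discussed in the
# thread. audit_secret is a hypothetical helper; pass it your own paths.

# Print the physical (symlink-resolved) path of an existing directory.
real_dir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# audit_secret FILE DOCROOT
# Prints one finding per line and returns:
#   0 = no findings, 1 = at least one finding, 2 = bad arguments
audit_secret() {
    file=$1
    docroot=$2
    [ -f "$file" ] && [ -d "$docroot" ] || { echo "usage: audit_secret FILE DOCROOT"; return 2; }

    findings=0
    dir=$(real_dir "$(dirname "$file")")
    root=$(real_dir "$docroot")

    # Finding 1: the file lives under the web root (e.g. public_html).
    case "$dir/" in
        "$root"/*) echo "INSIDE_DOCROOT $file"; findings=1 ;;
    esac

    # Finding 2: the "other" read bit is set, so any local account can read it.
    if [ -n "$(find "$file" -prune -perm -0004)" ]; then
        echo "WORLD_READABLE $file"; findings=1
    fi

    # Finding 3: group or other can write, so the file could be replaced.
    if [ -n "$(find "$file" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "WRITABLE_BY_OTHERS $file"; findings=1
    fi

    return $findings
}
```

A file kept outside public_html with mode 640 or 400 and a group that contains only the owner and the web server user produces no findings.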


All times are GMT -5.