Security issues

[Birokrat]

-where to place the connection string
-what about mysql security
-sessions
-what is web accessble folder
-do I need to compile the php code
-user-role securty system
-anything else..

Regards.

[chrisranjana]

Where to place the connection string

http://php.net/manual/en/function.mysql-connect.php

-what about mysql security

http://www.tizag.com/mysqlTutorial/m...-injection.php

-sessions

http://php.net/manual/en/features.sessions.php

-what is web accessble folder

Any directory which you can access by typing a web url ?

-do I need to compile the php code

From the user point of view, all you will do is upload the php code to a webserver and access that file.php and it runs.


P.S:- Are these your "homework" questions ?

[Birokrat]

I need to know what is the most secure place for my config files (that contain sensitive data-passwords,connection string etc)?

[skywalker2208]

I need to know what is the most secure place for my config files (that contain sensitive data-passwords,connection string etc)?

Not in any web accessible directory.

http://phpsec.org/projects/guide/3.html

Potential problems arise when this file is somewhere within document root. This is a common approach, because it makes include and require statements much simpler, but it can lead to situations that expose your access credentials.

Remember that everything within document root has a URL associated with it. For example, if document root is /usr/local/apache/htdocs, then a file located at /usr/local/apache/htdocs/inc/db.inc has a URL such as http://example.org/inc/db.inc.

Combine this with the fact that most web servers will serve .inc files as plaintext, and the risk of exposing your access credentials should be clear. A bigger problem is that any source code in these modules can be exposed, but access credentials are particularly sensitive.

Of course, one simple solution is to place all modules outside of document root, and this is a good practice. Both include and require can accept a filesystem path, so there's no need to make modules accessible via URL. It is an unnecessary risk.

[Birokrat]

mysql_connect('localhost',$_ENV['MYSQL_USER'],$_ENV['MYSQL_PASSWORD']);

-this is a snippet of code from O'Reilly PHP Cookbook

I like to create a custom config file (to keep my connection string safe) which will override the main conf file since I 'm using a shared hosting enviorment.

I 'm lacking expirence on this subject so I was looking for someone to show me a example or point to a reference.

Regrads.

[Birokrat]

Anyone?

[NogDog]

See http://shiflett.org/articles/shared-hosting and in particular under the heading "What Can You Do?" However, note that this technique requires assistance from the web server administrator to add the necessary entries in the relevant httpd.conf file (assuming Apache is being used). Depending on the hosting company being used, they may or may not accommodate you.

[dk_zero-cool]

Why not just put the strings in some PHP variables in a PHP file extension. No one will be able to view it anyway. And if that is not enough, make a rule for that file in your .htaccess file.

[NogDog]

Why not just put the strings in some PHP variables in a PHP file extension. No one will be able to view it anyway. And if that is not enough, make a rule for that file in your .htaccess file.

The technique above is not to prevent people from seeing it via external HTTP/FTP requests, but via local file system requests via scripts/commands run on the server by someone with another account on the same shared host (or by someone who hacks someone else's account on that host). This is due to the fact that typical shared host configurations have PHP running as an Apache module, which means any file that is readable by your PHP scripts is also readable by anyone else's PHP script (or other script being run by Apache), plus it typically means you have to give the file "world" read access.

(All this points to why if you are truly dealing with sensitive data, you are better off at least getting a virtual private host account if not a private server, but the above technique will help on a shared host if the hosting company will cooperate with you to implement it.)

[JunkDrawStuff]

If your running on an apache server with URL rewrites, you can denay any and all traffic requests on a web exposed folder and still access via an include.

You other option is to lower the file permissions to that of a level that they then become invisble to the web but can be accessed locally.

As for shared servers, if your host is professional enough to take the time, the settings can be made to prohibit server-side access to domains you do not own... This is the case with my web bost, they even have a firewall policy on FTP now to thwart FTP hacks... So it really is down to how fly-by night your web host operations are.

IMHO you should not have any issues if your include file is in the public domain, just add in an Options -Indexes in the HTAccess file for that folder to stop index requsts, I would also add in redirection to the site root, I would also in the connection script include a self load test to check if the file request is for the file at the URL or not. If its a direct request for whatever reason, diver them to the site root. Do not use .inc, use .inc.php and then the file WILL be parsed for sure and any internal security can be used to check the validity of the request.

[dk_zero-cool]

#9

This is due to the fact that typical shared host configurations have PHP running as an Apache module, which means any file that is readable by your PHP scripts is also readable by anyone else's PHP script

Ok. Did not know that shared hosts had such poor setup.
I don't see why. It should not be that hard to make a better install and configuration.