Security: database.php & plaintext password

[eluser]atompkins[/eluser]
I'm just starting out with PHP and CodeIgniter and was wondering: What's the correct way to handle plaintext passwords in database.php?

Having a plaintext password doesn't seem like a very secure way to do things but I can't see a way in CodeIgniter to setup a two-way encryption/decryption process for the passwords in database.php, except by reverting back to regular PHP and doing it all manually which seems to defeat the object of having a framework in the first place.

Is there a recommended method for handling plaintext passwords in config files?

Thanks in advance.

- Adam

[eluser]Wuushu[/eluser]
If they can view your database.php you're screwed anyway.

[eluser]rogierb[/eluser]
True, make sure your application folder is not in the root of your website and set low permissions on it.
Plain text pwd should not be a problem when users cannot access the database.php file.

Side note: I have seen some using the root user in their databse.php. If I had hairs at the back of my neck, they would be standing upright in sheer horror. Always create a dedicated user per database and give the appriopriate amount of privileges to that user.

[eluser]Mat-Moo[/eluser]
You don't use two way encryption, just 1 way. When you store the password in the database use md5($xxx) to encode it, then check the password using if (md5($user_entered_password)==$database_row_password) OK

[eluser]Unknown[/eluser]
[quote author="Mat-Moo" date="1259681153"]You don't use two way encryption, just 1 way. When you store the password in the database use md5($xxx) to encode it, then check the password using if (md5($user_entered_password)==$database_row_password) OK [/quote]

That's not exactly what he meant...

As previous speakers said, place your system folder outside the www-root and use low permissions.

[eluser]Jondolar[/eluser]
You can encode your file with zend or ioncube. This will protect your password but it won't work for the framework. Without using the CI framework to connect to the database you would run the password through a decrypting function, possibly with a salt. You'd need to offer a page that will encrypt the password so your users can then put the encrypted password into the config file. That page will need to be encoded as well so it hides the salt and hides the routine you are using to do the encryption. Now, when you want to connect to the database, read the encrypted password from a file, pass it to the decrypting function and then use the result to log in.

[eluser]BrianDHall[/eluser]
If you encrypt the password, then where do you store the password to decrypt the password?

You end up with one heck of a pain trying to use half-measures, like encoding, and spending days messing with it to end up with no real additional security. +1 for low permissions and moving out of root for extra safety.

[eluser]atompkins[/eluser]
Thanks to everyone for their help.

For all those with the same question in the future, here's a great explanation of how to modify the CodeIgniter directory structure to reflect the suggestions posted in this thread:

Better Server Setup for CI

- Adam

[eluser]Jondolar[/eluser]
[quote author="BrianDHall" date="1259722700"]If you encrypt the password, then where do you store the password to decrypt the password?

You end up with one heck of a pain trying to use half-measures, like encoding, and spending days messing with it to end up with no real additional security. +1 for low permissions and moving out of root for extra safety.[/quote]

Hi BrianDHall,

You store the encrypted password in a configuration file:

$config['dbpassword'] = "k*(&E #&4*#*djfy7u43";

This gets passed to an unencryption function:
$dbpass = unencrypt($config['dbpassword']);

You then use $dbpass as the password to your database.

The encryption and unencryption functions need to be in an encoded script.