Encryption Key in config file

#1
PV-Patrick
I have been searching around on the forums here for about an hour or two in regards to this topic and figured I would just post a topic myself as I couldn't find a 100% answer to my question.

I would like to know how secure keeping your encryption key inside the config.php file is? How is it protected against malicious users that say upload scripts such as c99/100shell and gain access to view/download files within your www directory?

I am going back and forth between SHA1 + salt and the encrypt/encode function with CI + encryption key. Possibly using both for different situations... Anyways, my main question is in regards to the security of that config file and if there are any suggestions on HOW to properly secure it. Thanks in advance and I apologize if this has been covered, I have been looking.

#2
xwero
If you keep the file above the public root directory it is more secure. You shouldn't allow uploaded scripts to be executed. First you secure your server as much as possible, then you place your code above the public root and then build in checks for (almost) every input and the key is secure.

I think you are on a good path about the SHA1 vs encryption. Use SHA1 for things that don't need to be decoded and encryption for the things that do need to be decoded.

#3
PV-Patrick
I have read that a few times about keeping the file above the public root directory but I think I am failing to comprehend something. Just for explanation purposes the general install of CI is as follows:

public_html/
public_html/system/
public_html/system/application/

The config file resides in application/config/ and therefore is below the public_html directory. Is this not the way it's supposed to be?

My other concern is obviously each controller that needs to read the key would need to belong to the same group/permission to read the config file for that key, correct? Therefore, if the malicious user is able to gain access to let's say the user apache, he therefore will have the same rights as the controller and be able to read the config file as well. I am not entirely sure this is how things work, but I would love for someone to explain it a little more in-depth to me. I am constantly trying to figure out how I can keep that key as secure as possible.

Can you elaborate on how I can disallow uploaded scripts to be executed or point me in the direction I can RTFM. :-P Thank you!

#4
xwero
The install in the public directory you have to look at as a lazy/exploring CI install. The index.php is not in the system directory so it's very easy to put the system directory outside the root and the index.php file in the root.

Like I wrote before you have to secure on several levels to secure passwords or keys but if you secure too much it will have performance consequences.

If you allow users to upload PHP files, store them with a non-execution extension. If you allow snippets, escape the execution trigger; for PHP, <?php to &lt;?php.
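One way to apply the two suggestions in the post above, as an added example that is not part of the original thread and not CodeIgniter code. The function names, the `.upload` extension and the `uploads` directory beside `application/` are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical helper names and paths, not CodeIgniter code.

// Assumed layout: uploads/ sits beside application/ and system/, above the public root,
// and this script runs from the public directory.
define('UPLOAD_DIR', dirname(__DIR__) . '/uploads');

/**
 * Build a storage name the web server will never map to a script handler:
 * random basename, fixed inert extension, nothing taken from the client.
 */
function safe_storage_name(): string
{
    return bin2hex(random_bytes(16)) . '.upload';
}

/**
 * Move one entry of $_FILES into UPLOAD_DIR.
 * Returns the stored path, or null if the upload is rejected.
 */
function store_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Confirms the temp file really came from this request's POST body.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $target = UPLOAD_DIR . '/' . safe_storage_name();
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    chmod($target, 0640); // plain data file: no execute bit, not world-readable
    return $target;
}

/** Escape a user-supplied snippet for display so the PHP open tag is shown as text. */
function escape_snippet(string $snippet): string
{
    return htmlspecialchars($snippet, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: the open tag is rendered as &lt;?php instead of being executable markup.
echo escape_snippet('<?php echo "hi"; ?>'), PHP_EOL;
```

If the client's original file name is needed later, keep it in a database column next to the stored path rather than using it on disk.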

#5
PV-Patrick
The config.php resides in the application folder, it's my understanding that the application folder needs to remain in the public_html directory, correct? If that's the case, then placing the system folder above the public_html directory really doesn't do much for the config.php file containing the key.

Let me see if I can explain my thought more specifically.... Let's say in controller x.php I am wanting to access that key via the encrypt functions. x.php is owned or grouped by the webserver/user(apache) - For the config.php to be read, that user will need access to read that file, no matter WHERE it is. Thus, a malicious user that has uploaded a script as the user 'apache', can ALSO read that file. I know there has to be a read obviously, however I guess I am asking what is the safest way to store an encryption key in CI. Directory structure/permissions, etc....

I'll also restate this since I really didn't get an answer, I don't allow it...but at the same time, I've seen it happen maliciously:
Can you elaborate on how I can disallow uploaded scripts to be executed or point me in the direction I can RTFM. Thank you!

#6
PV-Patrick
Anyone have any ideas on this? I have been searching around and haven't really found anything that answers the question(s). Thanks again!

#7
Unknown
I'm just starting out with CI but I was worried about this too and dug around for info.

The application does not need to be in the public tree. I have set up as follows:

Code:
Domain Root
->application
->system
->public
  ->index.php
  ->...

So only the index.php, images, css, js etc that have to be downloaded directly are actually there.

In index.php, I have:

Code:
$system_folder = "../system";

and

Code:
$application_folder = "../application";

The ../ tells unix to look one level above the public folder.

Hope this helps!
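A deployment check for the layout in the post above, as an added example that is not part of the original thread or of CodeIgniter. The function names are hypothetical, and the script assumes it is run from the `public` directory with `application/config/config.php` one level up. It checks only where the file lives and its mode bits; it says nothing about code that already runs as the web server user.

```php
<?php
// Added example: hypothetical check script; paths are assumptions matching the layout above.

/** True if $path resolves to a location inside $root once symlinks and ../ are resolved. */
function is_inside(string $path, string $root): bool
{
    $p = realpath($path);
    $r = realpath($root);
    if ($p === false || $r === false) {
        throw new RuntimeException("cannot resolve $path or $root");
    }
    // Compare with a trailing separator so /var/www/public2 is not taken for /var/www/public.
    $r = rtrim($r, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($p . DIRECTORY_SEPARATOR, $r, strlen($r)) === 0;
}

/** Return a list of problems with where config.php lives and who can read or write it. */
function audit_config(string $publicRoot, string $applicationFolder): array
{
    $problems = [];
    $config = $applicationFolder . '/config/config.php';

    if (is_inside($config, $publicRoot)) {
        $problems[] = 'config.php is under the public root';
    }

    $mode = fileperms($config) & 0777;
    if ($mode & 0004) {
        $problems[] = sprintf('config.php is world-readable (%04o)', $mode);
    }
    if ($mode & 0022) {
        $problems[] = sprintf('config.php is group- or world-writable (%04o)', $mode);
    }
    return $problems;
}

// Same relative path that index.php uses for $application_folder.
$problems = audit_config(__DIR__, __DIR__ . '/../application');
foreach ($problems as $problem) {
    echo "WARN: $problem", PHP_EOL;
}
exit($problems ? 1 : 0);
```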

#8
PV-Patrick
Paul,
I have done it that way as well, kind of forgot about this post.

