Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to safely store a password inside PHP code?

Tags:

php

passwords

How can I have a password inside PHP code and guarantee that no one viewing the page in the browser can retrieve it?

Is: <?php $password = 'password' ?> enough? Is there a better, more secure way of doing this?

like image 202
nunos Avatar asked Sep 16 '09 12:09

nunos


People also ask

Is it safe to store password in PHP?

The best way is to store password above your root directory. If you decide to have password in php file then no body would able to view because php files are excuted in the server. But if the server does not support php then those files will be delivered as text files and any one can see the password.

How can I protect my database password in PHP?

We have solved it in this way: Use memcache on server, with open connection from other password server. Save to memcache the password (or even all the password. php file encrypted) plus the decrypt key.

Is there a safe way to store passwords?

Keeper is another secure password manager that helps you manage login info on Windows, MacOS, Android and iOS devices. A free version gives you unlimited password storage on one device. The step-up version costs $35 a year and lets you sync passwords across multiple device options.


1 Answers

That depends on the type of passwords you want to store.

  • If you want to store passwords to compare against, e.g. having an $users array, then hashing is the way to go. sha1, md5 or any other flavor (here’s an overview)

    Adding a salt accounts for additional security, because the same password will not result in the same hash

    Update: password_hash uses a salted, strong one-way hash with multiple rounds.

  • If you want to store passwords to connect to other resources like a database: you’re safest if you store your passwords outside your document root, i.e. not reachable by browsers. If that's not possible, you can use an .htaccess file to deny all requests from outside

like image 124
knittl Avatar answered Oct 01 '22 23:10

knittl