Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Improve password security in server verification

Tags:

php

mysql

I am currently building a setup to take credit card information. The following structure was used:

Server 1:

  • MySQL user set to read only
  • Holds the login credentials.

I use PBKDF2 hashing, done with a class i built based on this code.

Server 2:

  • MySQL user set to read and write
  • holds all of the customers credit card information

My question:

If server 1 stores the paswword in this format: algorithm:iterations:salt:hash

For example: sha256:1000:Pe27BkIKkBHklogp9Io80iRKtF+6koly:nrYUwOlixwJECRcjBRKwQ+MVNMTbnYnm

If server one was compromised, it seems to me that having the password in this format would make it easy for them to crack the passwords for the site and access the users credit card information.

Is this a case where I need to use Mysql (AES_ENCRYPT() and AES_DECRYPT())?

Am I over thinking this?

Is there a better way to protect the information in server 1?

Update Based on Comments

I built my heating and air company system. Any one that pays online can store their cc information with quickbooks if they choose. I have a few larger clients that we bill monthly in office, and process cc's through a desktop terminal. These clients have customer profiles on our servers, which they can access. These are the clients that I want to allow to store there cc information. This way I don't have to have the cc information stored on paper in our office for anyone to find.

like image 942
ROY Finley Avatar asked Dec 28 '12 22:12

ROY Finley


1 Answers

To be honest, if I manage to compromise server 1, I'm not going to try to crack those passwords. They should be secure. What I would more likely do is try to get my own code installed on the server to send me the passwords and/or credit card information when the user logs in. For example, let's say you process the authentication in a file named login.php. If I can compromise login.php, then when it is validating the login, I can have it execute a curl command or something to send the login information to my own server where I can collect it.

But I digress... The answer is that your hashing of the user login details should be secure as you've described it. If server 1's database is compromised, it should be about as secure as it can be. You could add a layer of obfuscation within your PHP code to do something like munge in the a hash of the salt or something so that someone with access to the database but not the code would have a much harder time knowing what process you used to hash the passwords, which would avoid hackers from trying to brute force passwords such as password, iloveu, etc. I would also highly suggest that the credit card information on server 2 is stored in an encrypted format using either AES_ENCRYPT() or PHP's mcrypt_encrypt() function.

Make sure you sanitize all input via POST forms, and you should be good to go.

like image 121
King Skippus Avatar answered Sep 19 '22 11:09

King Skippus