Is it safe to store plaintext passwords in MySQL *temporarily*?

Question

A little bit of background --

I run a game server that runs in Java, and a forum that runs in PHP (phpbb). I have the game and forum accounts linked, such that changing the password in the game automatically changes the password for the forum account. The two systems use different password hashing algorithms, and I need to update the password hash on the forum side by using phpbb's built-in functions, meaning I have to call them from a PHP script (rather than running my own code).

In order to do this, I decided to have Java call the PHP script by making an HTTP request to the PHP script whenever the password needs to be changed, to trigger a PHP script that completes the password-changing process for the forum account. However, I don't want to put the plaintext password in any HTTP call, since it might show up in log files and maybe other exploitable areas. My current idea is that when the Java side is changing passwords, it puts the new plaintext password in a database table, and then makes an HTTP request to trigger the PHP script, such that no hashes or sensitive information goes into the HTTP request. The HTTP call would only pass the username of the account to be changed, and a md5 hash of a shared secret plus the username, for authentication. When the PHP script runs, it retrieves the new plaintext password for the user from the database, immediately deletes it, then runs the plaintext password through phpbb's hashing algorithm and updates the forum database.

Under typical conditions, the plaintext password would probably be in the database for less than a second before it is deleted. Ideally, I wouldn't be storing it anywhere at all, but I am not sure how else to communicate the needed change from Java to PHP when I can't predict what the forum's password hash will be, so I need to somehow send the plaintext password to the PHP script that does the hashing.

Any ideas on a better way to do this, or is there any feedback on storing the plaintext password for a very short period of time? I consider the MySQL login to be secure and is not shared with other people or projects.

Thanks!

Answer 1

Don't store plaintext passwords. If your game becomes popular, it might be a target to constant attacks of hackers especially if it will contain a monetary aspect (i.e - the case of world of warcraft, travian and others). In this case, you will need to assume that although you attempt to protect your system, Someone might hack it, and as a result get sensitive data. You should use standard encryption mechanisms in order to perform this task (i.e - send the password to forum system via HTTPS for example, in a secure way). I would also recommend you to explore the comment of @Joshua Kaiser - single sign on may be the key to answer your needs, and don't try to reinvent the wheel here. I can tell you I Work with kerberos for example, and Kerberos has a ticket mechanism in which the tickets can be re-used among applications. Unfortunately I dont know PHP, and don't know how pluggable the forum framework to use different authentication modules.

P.S - I posted this answer twice by mistake, and tried pressing "delete post" - I hope stackoerflow takes care of that.