Securing database (MySQL) login credentials in a web application (LAMP stack)

Question

First off, if there is an exact duplicate - I didn't find any so I apologize in case the answer was already provided.

I'll present the problem I'm facing, hoping I'll get some insight or a straightforward "not possible" answer.

How to secure database credentials in a web application in case the server where PHP is gets compromised? Assume that in this problem's case we are not talking about shared hosting, VPS or anything alike, there's only one person who has access to the box that stores MySQL information.

MySQL server itself is located at another (remote) box and allows connections from only a range of IP addresses (bound to the PHP box).

How to ensure that malicious user will not be able to obtain the details needed for connection string for MySQL? Assume that the user has broken the root login of the linux box running PHP.

What steps would you take towards providing highest security in terms of accessing information needed to establish MySQL connection in such a case?

Thank you for reading and commenting in advance.

Answer 1

The best solution here, if this is a main priority, would be to use stored procedures.

Stored procedures store the database queries inside the database, therefore just set them up, and then create a new MYSQL user with just stored procedure execution permissions. That way even if the application code was compromised they would only be able to manipulate a limited subset of your data, and they also gain no knowledge of the underlying database structure.

The negatives to this approach are maintainability, due to the fact your mixing application logic with your storage system, and it might not be portable across platforms.

If you want a simple solution, what hafichuk suggested might be better, just customize it to fit your needs. Unfortunately your script needs to be able to access the database, unless your web server and application server were on separate machines and communicated over some encrypted channel such as SSH, but then your just getting too complicated. It all depends how important protection really is to you, and how far your willing to go to ensure it.