
I have a security-related question about storing some client information - specifically their database login credentials.

My app works based on the client and so the database details need to be set at the start. My initial thought was to hold it all in a MySQL database table but if that gets compromised, then all my clients are at risk.

I've also thought about creating a PHP array with all these details in, it would be a little harder to manage but definitely worth it in terms of security.

Are there any better alternatives out there that I'm missing?

EDIT: Request for more details

I have a MySQL database on my host (where the app runs from), then the app needs to connect to an external database (my client's) but obviously the app needs to know all of their details.

I'm not sure that encryption is really possible, I can hash it and save it to a table but I can't reverse that so it'd have to be plain text, hence my worry about security - I'd never ever store plain text passwords in a database.

0Neji
  • This needs more elaboration. You have a central server running MySQL? Then the usual way is to store the client details there, and make sure it's secure. The users should never get the actual database login data; there's usually a layer in between that handles the user's privileges and decides what they get to see. – Pekka Jun 14 '13 at 07:31
  • You can md5 hash your database credentials. They can still be compromised but they're more secure that way. – Albzi Jun 14 '13 at 07:31
  • @BeatAlex Never, ever use MD5 for that. Use Bcrypt, Scrypt, or PBKDF2. – 1615903 Jun 14 '13 at 07:34
  • @0Neji you might get better answers at http://security.stackexchange.com – 1615903 Jun 14 '13 at 08:51
  • @user1615903 Thanks for the link - never knew that site existed! Will get my question put up on there. Cheers. – 0Neji Jun 14 '13 at 08:54

1 Answer


In the end, as we will always control the client database, I set up a secret formula that is hashed and then used as the database password and username.

0Neji
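
The approach in the answer above (deriving each client's username and password from a hashed secret instead of storing them), as an added example that is not the poster's code. It assumes HKDF-SHA256 as the hash step, a hypothetical `APP_CRED_MASTER_KEY` environment variable holding the secret, and short lowercase client ids; it only fits when, as the answer says, you control the client databases and can set their accounts to the derived values.

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: env var name, client id format, HKDF-SHA256
// as the hash step. hash_hkdf() needs PHP 7.1.2 or later.

function loadMasterKey(): string
{
    // Hypothetical variable; the secret stays out of the database and the code.
    $hex = getenv('APP_CRED_MASTER_KEY');
    if ($hex === false || strlen($hex) !== 64 || !ctype_xdigit($hex)) {
        throw new RuntimeException('master key must be 32 bytes, hex encoded');
    }
    return hex2bin($hex);
}

function deriveClientCredentials(string $key, string $clientId, int $version = 1): array
{
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $clientId)) {
        throw new InvalidArgumentException('unexpected client id');
    }
    // Distinct "info" labels make the user name and password independent;
    // raising $version rotates both without touching the master key.
    $label = "client={$clientId};v={$version};";
    $user = hash_hkdf('sha256', $key, 6, $label . 'user');
    $pass = hash_hkdf('sha256', $key, 32, $label . 'pass');

    return [
        'user' => 'c_' . bin2hex($user), // 14 characters
        'pass' => rtrim(strtr(base64_encode($pass), '+/', '-_'), '='),
    ];
}

// Constructed demo key; a real one is 32 bytes from random_bytes(), made once.
putenv('APP_CRED_MASTER_KEY=' . hash('sha256', 'constructed-demo-key'));
$key = loadMasterKey();

$acme   = deriveClientCredentials($key, 'acme');
$globex = deriveClientCredentials($key, 'globex');
$acmeV2 = deriveClientCredentials($key, 'acme', 2);

var_dump($acme === deriveClientCredentials($key, 'acme')); // same input, same result
var_dump($acme['pass'] !== $globex['pass']);               // clients do not share a password
var_dump($acme['pass'] !== $acmeV2['pass']);               // version bump rotates it
```

Anyone who obtains the master key can recompute every client's credentials, so it needs the protection the stored passwords would have needed.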