4

I'm setting up PayPal Pro and am considering ways to store my password securely. This is PayPal's testing code and comments. How should I change this in order to securely protect the password?

I am only storing 1 password here - our API Password.

/**
# API_password: The password associated with the API user
# If you are using your own API username, enter the API password that
# was generated by PayPal below
# IMPORTANT - HAVING YOUR API PASSWORD INCLUDED IN THE MANNER IS NOT
# SECURE, AND ITS ONLY BEING SHOWN THIS WAY FOR TESTING PURPOSES
*/

define('API_PASSWORD', 'LJKL235JL532K35');
Bob Cavezza

4 Answers

2

I think the most important thing is to store the password outside of your web-root folder.

Apart from that I don't really see what else you can do; if people gain access to the folders where the scripts are stored, they also have access to the code that decrypts / retrieves the password so no matter how good the encryption is, the password will be available. Unless I'm missing something...

jeroen
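One way to apply the advice in the answer above (keep the password outside the web-root folder), as an added example that is not part of the original answer or of PayPal's sample code. The function name `load_api_password`, the file path and the permission check are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: read the single API password from a file outside the web root.
// Assumptions: POSIX permissions, file owned by the PHP user, file holds only the password.
function load_api_password(string $path): string
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException('Credentials file not found');
    }

    // Refuse a file the web server could serve as a static document.
    $docRootRaw = $_SERVER['DOCUMENT_ROOT'] ?? '';
    $docRoot = $docRootRaw !== '' ? realpath($docRootRaw) : false;
    if ($docRoot !== false) {
        $prefix = rtrim($docRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            throw new RuntimeException('Credentials file must be outside the web root');
        }
    }

    // Refuse group- or world-accessible files (anything looser than 0600).
    $perms = fileperms($real);
    if ($perms === false || ($perms & 0077) !== 0) {
        throw new RuntimeException('Credentials file must not be group/world accessible');
    }

    $password = trim((string) file_get_contents($real));
    if ($password === '') {
        throw new RuntimeException('Credentials file is empty');
    }
    return $password;
}

// In the application (hypothetical path outside the document root):
//   define('API_PASSWORD', load_api_password('/etc/example-app/paypal_api_password'));

// Stand-alone demonstration with a constructed value in a temporary file.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'pp_');
    file_put_contents($tmp, "CONSTRUCTED-EXAMPLE-PASSWORD\n");
    chmod($tmp, 0600);
    define('API_PASSWORD', load_api_password($tmp));
    unlink($tmp);
    echo strlen(API_PASSWORD), " characters loaded\n";
}
```

This keeps the secret out of the served tree and out of version-controlled source; as the answer notes, anyone who can read the script folders as the PHP user can still read the file.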
1

I would look at this previous question:

Password handling best practices?

trickwallett
0

Store it encrypted in your database, or in a file. If you want a more specific answer, you'll have to ask a more specific question.

ehudokai
0

You may crypt the password, using a key that you know and don't store. I think you need to have the mcrypt extension on in your PHP.
I have made a set of functions crypt/decrypt if you're interested.

Nabab