I am writing a set of database-driven applications in PHP. These applications will run on a Linux server as its own user. Other users will likely be on the system at times, but have very controlled access. Other servers they will not have access to at all. I will also expose a limit stored procedure API to developers who need to write Perl scripts that access the database using a DBI and a set of functions I write.
我正在用PHP编写一组数据库驱动的应用程序。这些应用程序将作为自己的用户运行在Linux服务器上。其他用户可能有时会在系统上,但有非常可控的访问权限。他们根本无法访问的其他服务器。我还将向需要编写Perl脚本来使用DBI和我编写的一组函数访问数据库的开发人员公开一个极限存储过程API。
My question is what the best way to secure the config files that have connection strings in them?
我的问题是,保护配置文件中有连接字符串的最好方法是什么?
Is a different user with [4+]00 permissions on the file sufficient? Should I encrypt them? That seems to just shift the problem elsewhere so that I worry about where to store an encryption key. I realize the Perl developers will need to have a connection string of their own as they will only have execute database permissions.
文件上具有[4+]00权限的不同用户是否足够?我应该加密?这似乎只是把问题转移到别的地方,因此我担心在哪里存储加密密钥。我意识到Perl开发人员需要拥有自己的连接字符串,因为他们只需要执行数据库权限。
3 个解决方案
#1
7
If the machine really is being administered in the traditional Unix fashion, where J. Random user isn't off su-ing to root all the time, I'd say that filesystem permissions are your best bet. If someone gets unauthorized root access, no amount of encryption silliness is going to "secure" the connection string.
如果这台机器确实是在传统的Unix模式下进行管理,那么J. Random的用户并不是一直都在使用su,我认为文件系统权限是最好的选择。如果有人得到未经授权的根访问,那么任何愚蠢的加密都不会“保护”连接字符串。
I'd mark the files w/ the connection string as owned by the "script user" and give them access as you describe.
我将把文件w/连接字符串标记为“脚本用户”,并按照您描述的方式访问它们。
(Bravo for realizing that encrypting the connection string doesn't buy you anything, in this example. Security through obscurity is counter-productive.)
(在本例中,为实现加密连接字符串不会为您带来任何好处。通过默默无闻实现安全会适得其反。
#2
2
Here's a link to a free Apache module that helps to manage access to a password store:
这里有一个免费Apache模块的链接,可以帮助管理对密码存储的访问:
http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm
http://uranus.it.swin.edu.au/约/ linux / php / passwords.htm
It seems a little elaborate to me, and requires you run PHP under mod_php. And still it doesn't address the possibility that unauthorized people who have access to the server can just read your password file.
对我来说,这有点复杂,需要在mod_php下运行PHP。而且它也没有解决未经授权访问服务器的人可以直接读取您的密码文件的可能性。
I think you have to rely on file permissions, and trust that unauthorized people don't have the ability to sudo to your PHP application UID, or to root.
我认为您必须依赖于文件权限,并相信未经授权的人没有能力sudo到您的PHP应用程序UID或root。
#3
0
My best solution so far has been to store config files in an encrypted partition so that people with direct access to the machine can't pull the passwords off by connecting the drive to another PC, and with file system permissions so people can't read the file from inside the OS itself.
迄今为止我最好的解决方案配置文件存储在一个加密的分区,这样的人直接访问这台机器不能把密码通过连接开车到另一个电脑,所以人们不能读和文件系统权限内的文件从操作系统本身。
You need to understand, though, that there's not much you can do against an attacker with direct access to the machine. If it's running the database server itself, then securing the config files won't have much effect if he can modify the database itself. Just make sure that everything is as secure as it can be and you'll probably be okay.
不过,您需要理解的是,对于直接访问计算机的攻击者,您无能为力。如果它正在运行数据库服务器本身,那么如果他能够修改数据库本身,那么保护配置文件的安全性就不会有多大效果。只要确保一切都尽可能的安全,你就会没事。
#1
7
If the machine really is being administered in the traditional Unix fashion, where J. Random user isn't off su-ing to root all the time, I'd say that filesystem permissions are your best bet. If someone gets unauthorized root access, no amount of encryption silliness is going to "secure" the connection string.
如果这台机器确实是在传统的Unix模式下进行管理,那么J. Random的用户并不是一直都在使用su,我认为文件系统权限是最好的选择。如果有人得到未经授权的根访问,那么任何愚蠢的加密都不会“保护”连接字符串。
I'd mark the files w/ the connection string as owned by the "script user" and give them access as you describe.
我将把文件w/连接字符串标记为“脚本用户”,并按照您描述的方式访问它们。
(Bravo for realizing that encrypting the connection string doesn't buy you anything, in this example. Security through obscurity is counter-productive.)
(在本例中,为实现加密连接字符串不会为您带来任何好处。通过默默无闻实现安全会适得其反。
#2
2
Here's a link to a free Apache module that helps to manage access to a password store:
这里有一个免费Apache模块的链接,可以帮助管理对密码存储的访问:
http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm
http://uranus.it.swin.edu.au/约/ linux / php / passwords.htm
It seems a little elaborate to me, and requires you run PHP under mod_php. And still it doesn't address the possibility that unauthorized people who have access to the server can just read your password file.
对我来说,这有点复杂,需要在mod_php下运行PHP。而且它也没有解决未经授权访问服务器的人可以直接读取您的密码文件的可能性。
I think you have to rely on file permissions, and trust that unauthorized people don't have the ability to sudo to your PHP application UID, or to root.
我认为您必须依赖于文件权限,并相信未经授权的人没有能力sudo到您的PHP应用程序UID或root。
#3
0
My best solution so far has been to store config files in an encrypted partition so that people with direct access to the machine can't pull the passwords off by connecting the drive to another PC, and with file system permissions so people can't read the file from inside the OS itself.
迄今为止我最好的解决方案配置文件存储在一个加密的分区,这样的人直接访问这台机器不能把密码通过连接开车到另一个电脑,所以人们不能读和文件系统权限内的文件从操作系统本身。
You need to understand, though, that there's not much you can do against an attacker with direct access to the machine. If it's running the database server itself, then securing the config files won't have much effect if he can modify the database itself. Just make sure that everything is as secure as it can be and you'll probably be okay.
不过,您需要理解的是,对于直接访问计算机的攻击者,您无能为力。如果它正在运行数据库服务器本身,那么如果他能够修改数据库本身,那么保护配置文件的安全性就不会有多大效果。只要确保一切都尽可能的安全,你就会没事。