WordPress.org

Ready to get started?Download WordPress

Forums

How do I protect MySQL Login credentials? (24 posts)

  1. claudel
    Member
    Posted 8 years ago #

    Hi

    I am trying to figure out a way to protect the MySql login credentials in the wp-config.php file from prying eyes. It is protected via the .htaccess file from being read via browsing http://site/wordpress/wp-config.php, but I am concerned with the other users of my ISP being able to read it when they are logged in to a shell server. If I set mode 600 on wp-config.pgp then Apache ( which is running non-privileged) can't read it. The ISP (Sonic.net) recommends placing sensitive files such as those containing login credentials in another directory, removing world read access and accessing them via php in cgi mode.

    http://www.sonic.net/support/faq/advanced/phpwrap/#shellscript

    I'm not sure if I should try to wrap the entire /wordpress directory or if I should try to separate all or part of wp-config.php and wrap it separately. There seems to be quite a few other files that call wp-config.php that I would need to change to the new path if I move it so that doesn't seem like a good idea for a number of reasons.

    If anyone who has set WordPress up to mitigate this vulnerability can clue me in, I'd mightily appreciate it.

    Thanks

    Claude

  2. Mark (podz)
    Support Maven
    Posted 8 years ago #

  3. claudel
    Member
    Posted 8 years ago #

    Yeah. I saw that.

    It doesn't address the problem of other users at the same ISP being able to read/copy files from the directory unless they are mode 600...

    It also doesn't say how to start WP *with* the credential file protected.

    The web server needs to be able to read it.

    Thanks, though.

    Claude

  4. skippy
    Member
    Posted 8 years ago #

    On a shared host, you cannot prevent other users of that host from accessing your wp-config.php file.

    You could assign ownership of the file to the user used by the Apache process (www-data, or nobody, most likely), and then assign read permission to that user only, and no access to everyone else. That will prevent people with shell access from reading your file.

    But if they know the full path to your wp-config.php file, they could easily write a script in their own webspace to grab your file and display it to them.

  5. claudel
    Member
    Posted 8 years ago #

    Assigning ownership to the webserver is not a bad idea.

    I'm also going to try and install it in a wrapper as Sonic suggests. Supposedly that will protect against snagging it via a script.

    It amazes me that nobody has come up with an effective remediation strategy for this vulnerability.

    In my case, I am not dealing with any data that is particularly valuable or sensitive. If I was, I'd be quite disturbed at the potential for compromise.

    Thanks

    Claude

  6. 46664
    Member
    Posted 8 years ago #

    i thought those hosting providers have some sort of protection for cases like this in a shared hosting.so what will i ask my provider what to do or i do?

  7. skippy
    Member
    Posted 8 years ago #

    The options available to hosting providers are many, and it would be impossible for us to keep track of which hosts do what.

    Contact your hosting provider and ask them for assistance in this. Feel free to share it here, so that others can search for the information. Also post the information to your blog, so that the search engines pick up your answer.

  8. 46664
    Member
    Posted 8 years ago #

    my host just told me that i should not worry because no one can access any single file of mine without my password. though do you think that just because my account is a reseller account make it safe and thats why he answered that way? or his trying to look as if theres no problem?

  9. skippy
    Member
    Posted 8 years ago #

    Who knows.

    If you know another user on your server, you could (with their permission of course) try to write a script that loads a file from within that user's web space. If it works, then you can go back to your host. If it does not work, then chances are your host knows what they're doing.

  10. 46664
    Member
    Posted 8 years ago #

    are you willing to experiment it with me?

  11. 46664
    Member
    Posted 8 years ago #

    hey..this is off topic..i noticed the reply was posted without refreshing..where can i get such plug in>? yes i know theres one but that plug in don't work nicely as what happened here.

  12. Kafkaesqui

    Posted 8 years ago #

    No mind readers here.

    If the concern is over who may or may not have access to your files through the shell, then the best solution is to find a host which does not allow users shell access. However if you require shell access, then you'll have to live with a certain amount of uncertainty in the area of security over your files. A host can take all the measures that are out there to insure others cannot access them, but keep in mind many security measures were developed because someone found a way around other security measures.

    As has been said before, the securest data is the data that doesn't exist.

  13. skippy
    Member
    Posted 8 years ago #

    I can't help you experiment, because I don't use your hosting provider. You'll literally need to find another user of your hosting provider who is using the same server as you.

  14. 46664
    Member
    Posted 8 years ago #

    oh.ok..i can take that argument kafka and thanks.

  15. claudel
    Member
    Posted 8 years ago #

    I have a personal account with the same ISP that is different than the one that hosts the website, so I can easily check...

    thanks

    Claude

  16. TechGnome
    Moderator
    Posted 8 years ago #

    Going back to the OP for a sec.... would it be possible to take the contents of wp-config.php and put them into another file, in a "more secure" (theoreticaly) location, then change wp-config.php to simply do an include on the new file? Then you wouldn't have to change any file that calls wp-config.... since it would still exist.

    Or does that just sound like a crazy idea?

    Tg

  17. It is protected via the .htaccess file from being read via browsing http://site/wordpress/wp-config.php,

    You realize that people can't view the contents of PHP files from their browser, right?

  18. angsuman
    Member
    Posted 8 years ago #

    Take a look:
    How to determine if your sensitive data is safe in shared hosting

    > You realize that people can't view the contents of PHP files from their browser, right?

    That doesn't offer any protection if users sharing the same web host can view the files directly.

  19. That doesn't offer any protection if users sharing the same web host can view the files directly.

    Don't proper hosts not allow one account to access the files in another account?

  20. Joebar
    Member
    Posted 8 years ago #

    You would think so, but from the sounds of it, not necessarily :(

  21. angsuman
    Member
    Posted 8 years ago #

    @Viper007Bond
    It's all in permissions. If you have a file with 777 then what prevents another user in shared hosting setup to basically cat/rm the file?

    Normally they setup default permissions properly. However you are free to change it.

    The ground rule of permissions is to assign the lowest possible to make things work. And never 777 anything.

  22. angsuman
    Member
    Posted 8 years ago #

    This was a repeat of the last post. So deleted.

  23. claudel
    Member
    Posted 8 years ago #

    It is *not* an issue of people being able to read the credentials file via a browser.
    Part of the problem is that the webserver (apache) runs as an unprivileged user, which is good. The bad part is that the credentials file needs to be readable by the webserver, which means the file permission needs to be world read, which allows other users on the shell machine read access as well as the webserver. I'm almost to the point where I can spend enough time to work out a solution, and I'll post here what I figure out.

    Claude

  24. z0r
    Member
    Posted 7 years ago #

    Hi claudel,

    I implemented the solution you linked to in your first post:
    http://www.sonic.net/support/faq/advanced/phpwrap/

    It's really easy to do, and works well. I've now got a config file that is private. Yes, the whole thing runs as me instead of 'nobody', but I think that's better than having my credentials exposed.

    You do need to wrap all the PHP scripts in the wordpress directory, because any of them may access the config file. It's the entry point that defines which user the code runs as, so you can't just wrap wp-config.php alone.

    No other files need to be wrapped, however. If you follow the instructions at the above link, you'll get the desired result.

    I only did one thing differently: wp-config.php is the only file I care about, so it's the only one I changed permissions for. It's set to -rw------- (600), while the rest are still set to -rw-r--r-- (644).

    Good luck!
    Alex

Topic Closed

This topic has been closed to new replies.

About this Topic