Suso Logo suso
Support Site
main site     webmail    

All too often I see a web developer storing the clear text database passwords directly in the web application or in multiple places in their web space. This is bad for two main reasons.

  • There is always the possibility that files in a users web space could be readable by another unpriviledged user on the system or worse, some random client on the internet.
  • If the password is not stored in a standardized location or is stored in multiple locations, it makes it more troublesome and prone to error when needing to change the password.

So to overcome these two problems, I introduce the databaseinfo file. This file manifests itself as mysqlinfo, pgsqlinfo or whatever database you are using and is placed in a private directory in the user's home directory. The contents of the file are a single line with the followng format:

username:cleartextpassword:databasehostname

Then the file is made to be owned by the user and group owned by the group that the web server runs as. Also, the file needs to be mode 0440. The private directory that it is stored in should have the same ownership as the mysqlinfo file and be mode 0750.

Now, the key thing here is that your webserver must have any modules or programs such as PHP or suexec (for CGIs) setup to be in their most secure form. This means that PHP must be in safe_mode or have openbasedir set to each user's home directory for each virtual host container that the user has. Suexec should be setup for handing CGIs so that they will run as the user that they belong to.

Then you have your users use code like the following in their web applications that need to use the database:

For PHP:

<?php

unset($userpass);

unset($dbusername); unset($dbpassword); unset($dbhostname);

$filename = '/home/username/private/mysqlinfo'; $fp = fopen("$filename", 'r'); $contents = fread($fp, filesize($filename)); $contents = chop($contents); fclose($fp); $array = explode(":", $contents);

$dbusername = $array[0]; $dbpassword = $array[1]; $dbhostname = $array[2];

?>


For Perl:

#!/usr/bin/perl

undef $userpass; undef $dbusername; undef $dbpassword; undef $dbhostname; open(MYSQLINFO, '/home/username/private/mysqlinfo'); $userpass = <MYSQLINFO>; chomp($userpass); close(MYSQLINFO);

($dbusername, $dbpassword, $dbhostname) = split(":", $userpass);

Using this method you can feel better about offering database access for web application users and keep them from doing stupid things like putting cleartext passwords in web accessable files. You can also extend this method onto other places such as providing a universal place that your CLI programs grab their passwords from or by putting multiple lines of user/password/hostname triplets in the mysqlinfo file and modifying the code to check for the line that you are looking for.

We have been using this method successfully for over 5 years and it is now starting to catch on to other web hosting providers.

Please send email to if you have any questions about this method.