Geek Answers Handbook

Is it safe to store plaintext passwords in MySQL * temporarily *?

A bit of background -

I am running a game server that runs in Java and a forum that runs in PHP (phpbb). I have accounts associated with the game and the forum, so changing the password in the game automatically changes the password for the forum account. The two systems use different password hashing algorithms, and I need to update the password hash on the forum side using the built-in phpbb functions, that is, I have to call them from a PHP script (instead of running my own code).

To do this, I decided that Java would call the PHP script by making an HTTP request to the PHP script whenever the password needs to be changed in order to call the PHP script that completes the password - changing the process for the forum account. However, I do not want to put the plaintext password in any HTTP call, as it can appear in log files and possibly in other accessible areas. My current idea is that when the Java side changes passwords, it puts the new plaintext password in the database table and then makes an HTTP request to run the PHP script so that the hash or sensitive information does not get into the HTTP request. The HTTP request will only transmit the username of the account to be changed and the hash file of the md5 shared key plus the username for authentication. When the PHP script is launched, it extracts the new plaintext password for the user from the database, immediately removes it, then launches the plaintext password through the phpbb hash algorithm and updates the forum database.

Under typical conditions, the plaintext password is likely to be in the database less than a second before it is deleted. Ideally, I would not store it anywhere at all, but I'm not sure how else to communicate the desired change from Java to PHP, when I can not predict that there will be a hash password for the forum, so I need to somehow send the password plain text for a PHP script that performs hashing.

Any ideas on a better way to do this, or is there any feedback on keeping the plaintext password for a very short period of time? I believe that MySQL login is safe and not shared with other people or projects.

Thanks!

+7
source share
3 answers

Encryption is a way.

  • Encrypted Connection: A synonym for HTTPS. Transfer data to phpbb using HTTPS if your server supports it.
  • Encrypted data: either encrypt the password, or somehow store the key (very insecure), or use asymmetric encryption. See the answer to my question for a good idea on how to send a password over a secure channel.
0
source

Do not store plaintext passwords. If your game becomes popular, it can become the target of constant attacks by hackers, especially if it contains a monetary aspect (i.e. the case of the world of warcraft, travian and others). In this case, you will need to assume that, although you are trying to protect your system, Someone can hack it, and as a result receive confidential data. You must use standard encryption mechanisms to accomplish this task (for example, send a password to the forum system via HTTPS, for example, in a secure way). I also recommend that you read the comment by @Joshua Kaiser - one sign may be the key to your needs, and don't try to reinvent the wheel here. I can tell you that I work with kerberos, for example, and Kerberos has a ticket mechanism in which tickets can be reused among applications. Unfortunately, I do not know PHP and do not know how to connect the forum framework to the use of different authentication modules.

PS - I sent this answer twice by mistake and tried to click "delete message" - I hope that stackoerflow will take care of this.

+3
source

It depends on the database you use with Java more than PHP. PHP uses PDO to connect to a database and manage data. You can try just to have one database as the main password store, and the other as a reserve, depending on the reverse encryption.

Have a PHP (for example) PDO text password directly in Java db in a temporary field - user-specific, of course - and then tell PHP to force the Java function to read this column, hash, update the correct ones and delete the temporary field.

If everything is done correctly, you can limit the time frame of the vulnerability to a few milliseconds.

0
source

More articles:


All Articles