https://stackoverflow.com/questions/17103289
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianIn the end as we will always control client database, I set up a secret formula that is hashed and then used as the database password and username.
Sensitive Client Details
-
31-05-2022 - |
Question
I have a security related question about storing some client information - specifically their database login credentials.
My app works based on the client and so the database details need to be set at the start. My initial thought was to hold it all in a MYSQL database table but if that gets compromised, then all my clients are at risk.
I've also thought about creating a PHP array with all these details in, it would be a little harder to manage but definitely worth it in terms of security.
Are there any better alternatives out there that I'm missing?
EDIT: Request for more details
I have a MYSQL database on my host (where the app runs from) then the app needs to connect to an external database (my client's) but obviously the app needs to know all of their details.
I'm not sure that encryption is really possible, I can hash it and save it to a table but I can't reverse that so it'd have to be plain text, hence my worry about security - I'd never ever store plain text passwords in a database.
La solution
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
