Securing database user credentials

A random thought has hit me.  Most people try to keep their MySQL user credentials secure.  But why?  If a server has been setup properly, it becomes a mute point.

The idea occurred me when thinking about opening a sites source code up.  If I opened the site up, I could give them access to my settings and configuration files.  These files also contain mysql user credentials.  So either I attempt to remove those, or I disallow access.  However, I then wondered why even worry.

I will use my own site as an example.  If I give out my MySQL user credentials to my inactive forum, what good would it do someone?  phpMyAdmin is secured behind a HTTP_AUTH page (over SSL) before you can supply the MySQL user credentials.  I have configured all my MySQL users to only allow localhost connections, so only connections from my server alone are allowed.
So if somebody had my MySQL user credentials, they would be completely useless.  If they managed to exploit the server and upload files that do malicious stuff, they would most likely be able to have that script find and read the settings file.  That being if it was somewhere in the open_basedir restrictions for that site.  If they managed to exploit the server, they could do more damage then logging into mysql.  Although since only I have a login to my site (secured behind SSH),  I have very few files that apache can edit or write to that is web accessible.  To fix any mysql damage they did, all I need to do is restore all mysql data (users as well) from a backup.  File damage is much worse as it is easier to leave a backdoor into the system then.

Although I don’t run any control panel and use phpMyAdmin simply for ease of access, other sites that run admin panels such as cPanel also apply.  Unless they have the cPanel login information, the user installed phpMyAdmin for some reason or configured their mysql users to have outside connections, the data is useless.  With the exception being if an attacker was able to upload a malicious file

For shared servers, this could be a worry if your MySQL credentials are publicly known and a hacker happens to also have a site on your shared server.  So my above points will have little value if your server is shared.  Shared servers carry a risk and that risk means attempting to protect all your credentials more heavily, as an attacker could simply be on the same server as you.

Of course this all depends on the server admin and webmaster having properly setup things such as access to phpMyAdmin and other scripts before hand.  However I think this still provides a good point that even if MySQL credentials are publicly known, they still don’t offer much.

Leave a Reply

Highslide for Wordpress Plugin