My web application stores exterior website login/passwords for interaction together. To have interaction with one of these websites I have to make use of the original password text, so storing only the hash during my database won't work.
How must i store these passwords?
Edit: I'm concerned if a person will get use of my server. Basically apply certain type of 2-way file encryption and they've server access they can just check the way the passwords are decrypted during my after sales code.
If you have to do this, you need to use a 2-way file encryption. You will find a great deal calculations (ciphers) with this, but essentially you secure your computer data by having an file encryption key, and employ exactly the same key for decrypting them again.
Selecting the best cipher is dependent which are based on the programming language of your liking, but good examples are:
They are available in different complexity plus some are not as easy to hack than the others. You need to realize though, that no two-way file encryption is protected from cracking, given sufficient time. Therefore it all is dependent on, how sensitive these passwords are.
Decide what you're safeguarding them against. Options include (but aren't restricted to): Accidental disclosure, disclosure on your part, disclosure in transmission, disclosure because of code error, disclosure because of physical thievery of hardware, etc.
If this sounds like an internet application, and every user is storing his/her very own group of passwords, then you definitely might secure these passwords using their login password for your application. If this sounds like a credit card applicatoin that every user installs individually, and which will keep its very own local database, you might have an optional master password (like Opera does).
If you're just making certain the information is safe when the hardware is stolen, you may make use of a full disk file encryption solution like TrueCrypt or PGP WDE, or Ubuntu, Debian, or Fedora's built-in approach, and need a PIN or password on every boot.
Should you just worry about secure transmission, have code to actually use transport security, and do not be worried about encrypting the information inside your database.
It appears in my experience that you would like to keep passwords similarly as Opera and Chrome. So take a look at the way they get it done?
This is the way Chrome will it: http://www.switchonthecode.com/tutorials/how-google-chrome-stores-passwords
I'd build a storage shed within the following way.
Safeguard data against hardware being stolen:
Use disc file encryption as talked about in the past posts.
Safeguarding data if server is jeopardized (compromised):
I'd use two different servers with this project, one worker server and something front server.
A) Worker server
- It has the DB with passwords etc, additionally, it connects with other services.
- For connecting to worker server, customers can perform it with an API. API should dress in function, insertUserData, which enables userdata to become placed, API steered clear of all of the input.
- API uses a DB user which has only input privilegies around the userData table.
- This is the only method to contact this server.
- Only allow SSL connections.
- This server consequently runs chron jobs that connect with exterior services, pulls data from their store and populate it's DB. Make use of a different DB with various user rights.
- This server runs another chron JOB which connects towards the front server and pushes new data to front server.
- Minimal quantity of services running
- Only SSH/SCP out of your IP, tight firewalling. Block if connections exced X / min etc because they only would do an periodic place.
- NO FTP etc.
B) Front server
Receives data from Worker server, never uses the passwords itself. Best way to make contact with worker server is thru API pointed out above, just for new user information. This is when all customers login to determine their information etc.
The issue with doing the work all on a single server, when you get compromised the hacker can sit and sniff all incoming data / passwords etc.. so even when they're saved / encoded / decrypted safely, with a few persistence he'd sniff all of them.