I have created a class file database.php which handles all the sql queries and connecting to database. I store username and password for the database in a variable (which is easily seen if one gains access to the php file).

I want to encrypt that username and password so that even after having that php file one is not able to have an idea of the original username and password.

Please help me as I am in need of some idea desperately.

Thanks

This can hardly be done. You need the password in a decryptable form to send it to the database. Any such form will in some way be readable by a person who gains access to the .php file.

The common sense approach is to keep the configuration files outside the we broot as a basic security measure, and prevent outside attacks through properly securing the server. Hundreds of thousands of web sites run that way, without additionally encrypting their sensitive data in the way you describe.

I'd hate to break it for you, but if someone has access to your source files for your site then it's already game over. They will be able to insert code into them to just scrape the data needed, or more likely get the code to install a trojan onto your visitors computers. It's best that you spend the time and engineering effort locking down your servers and development machines so that a perpetrator can't get in. Also having a good disaster recovery plan is a necessity.

If someone has access to your source, then they have all of the means necessary to connect to the database, regardless of how you store your password. After all, the PHP interpreter eventually needs to know what the actual password is, and anyone who can see the source can do exactly what the PHP interpreter would, thus acquiring the password.

Instead, you need to find a way to control who has access to your source.

Sorry I had misinterpreted the question to begin with..

If you are using a username and password for your script to access the DB, then obviously you need to store this somewhere to begin with (in your script).

The only way I can think of would be to obfuscate the password in your source and do some manipulation to get the correct value. But this just seems like overkill, as if someone has access to the source already then more than likely they can figure the rest out..

EDIT: Why not store the username/password in a local file on the server, then only give read access to PHP? At least that way it is not directly viewable in your source code.

There's no way of encrypting something so that only MySQL can decrypt it. You need to provide MySQL with that plain-text password sooner or later.

Idea
Set the file permissions on database.php as low as possible. If you have this:

 rw-rw-r-- gaurav gaurav       database.php

Then maybe set it like this (assuming your php-processes are running under www-data)

 r-------- www-data www-data   database.php

I assume you are distributing the code somehow, or that you don't trust your own host environment.

There are ways of encrypting PHP source but they have varying levels of complexity and cost. Some require additional (decryption) software to be installed on the host server, which may or may not be an option that you can have.

Have a look at this article for some further info on a number of PHP encryption tools.

If (and only if) your intention is to stop showing the username+password to people who have access to the source, it could be done. It's not too convenient however, and consists of these steps:

One-off:

• put your username and password into a strongly-encrypted file (e.g. AES with a long,strong key) and set its permissions accordingly

On every boot:

• on server start, decrypt the file, manually entering the file's password, and use some long-running process as a temporary storage
• now that you have the username+password stored in memory, erase the decrypted version of the file.

In your scripts:

• request the username+password from your temp storage
• connect to database
• remove the username+pw from your script's variables

Note: all this means that the password cannot be recovered by looking at the source code. Those who can modify and run scripts on your server are in the same position as before - "request password, print it out", instead of just "print it out". Another disadvantage is that you now have to enter the decryption password on every server restart.

When storing a password you ALWAYS use one-way hashing, preferably SHA-256 (because MD5 isn't secure) to store the password. And when you want to compare the password, simply SHA-256 hash the attempted password and see if the hashes are the same.

Encrypted passwords are simply not secure, if there's a way to get the raw text password out of the garble, your security is flawed.

PS: And yes any website that can email you your password is flawed.