Last updated: Thu, 19 May 2005

Encrypted Storage Model

SSL/SSH protects data travelling from the client to the server, but it does not protect the persistent data stored in a database. SSL is an on-the-wire protocol.

Once an attacker gains access to your database directly (bypassing the webserver), the stored sensitive data may be exposed or misused, unless the information is protected by the database itself. Encrypting the data is a good way to mitigate this threat, but very few databases offer this type of data encryption.

The easiest way to work around this problem is to first create your own encryption package, and then use it from within your PHP scripts. PHP can assist you in this with several extensions, such as Mcrypt and Mhash, covering a wide variety of encryption algorithms. The script encrypts the data before inserting it into the database, and decrypts it when retrieving. See the references for further examples of how encryption works.

In the case of truly hidden data, where the raw representation is not needed (i.e. it will not be displayed), hashing may also be taken into consideration. The well-known example of hashing is storing the MD5 hash of a password in a database, instead of the password itself. See also crypt() and md5().

Example 27-1. Using hashed password field

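<?php
// $connection is an open PostgreSQL link; $username and $password come
// from the submitted form.

// storing password hash
// pg_escape_string() escapes for the connection's encoding; addslashes()
// is not a PostgreSQL-aware escaping function.
$query  = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
          pg_escape_string($connection, $username), md5($password));
$result = pg_query($connection, $query);

// querying if user submitted the right password
$query = sprintf("SELECT 1 FROM users WHERE name='%s' AND pwd='%s';",
          pg_escape_string($connection, $username), md5($password));
$result = pg_query($connection, $query);

// single-quoted strings do not interpolate variables, so concatenate;
// the name is HTML-escaped because it is user input echoed into the page
if (pg_num_rows($result) > 0) {
   echo 'Welcome, ' . htmlspecialchars($username) . '!';
} else {
   echo 'Authentication failed for ' . htmlspecialchars($username) . '.';
}

?>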
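
A hardened counterpart to Example 27-1, added here and not part of the PHP manual: it stores a per-user salted hash with password_hash() and uses bound parameters instead of string escaping, so two users with the same password get different stored values. The in-memory SQLite database opened through PDO and the function names store_user() and check_user() are assumptions chosen so the script runs stand-alone.

```php
<?php
// Added example, not from the PHP manual. Assumes PHP 7+ with the PDO SQLite
// driver; the in-memory database stands in for the page's PostgreSQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pwd TEXT NOT NULL)');

// Store a salted, deliberately slow hash. The salt is random per user and
// is embedded in the returned string, so no separate salt column is needed.
function store_user(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (name, pwd) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

// Fetch the stored hash by name and compare it in PHP. The password never
// appears in the SQL text, and user input is bound rather than escaped.
function check_user(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pwd FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $up = $db->prepare('UPDATE users SET pwd = ? WHERE name = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $name]);
    }
    return true;
}

// Constructed sample accounts: two users who chose the same password.
store_user($db, 'alice', 'DOG');
store_user($db, 'bob', 'DOG');

// Compare the two stored values, then try a right password, a wrong
// password and an unknown user.
$rows = $db->query('SELECT name, pwd FROM users')->fetchAll(PDO::FETCH_KEY_PAIR);
var_dump($rows['alice'] === $rows['bob']);
var_dump(check_user($db, 'alice', 'DOG'));
var_dump(check_user($db, 'alice', 'CAT'));
var_dump(check_user($db, 'mallory', 'DOG'));
```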


User Contributed Notes
Encrypted Storage Model
oguh at gmx dot net
11-May-2005 02:06
Better use a random value for the salt and store it separately in the database for every user.

So it is not possible to see if some users have the same password.
Jim Plush - jiminoc at gmail dot com
17-Mar-2005 04:45
Another handy trick is to use MD5 with a "salt", which basically means appending another static string to your $password variable to help protect against dictionary attacks.

Example:
config.php - KEEP THIS OUTSIDE THE WEBROOT
define("PHP_SALT", "iLov3pHp5");
----------------------------------------------

and when you add your database query you would do:
// storing password hash
$query  = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
           addslashes($username), md5($password.PHP_SALT));

This way if a user's password is "DOG" it can't be guessed easily because their password gets saved to the DB as the MD5 version of "DOGiLov3pHp5". Last time I checked, that wasn't in the dictionary :)

Copyright © 2001-2005 The PHP Group
All rights reserved.
This unofficial mirror is operated at: The Server Pages
Last updated: Thu May 19 18:35:34 2005 EDT