Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
464 views
in Technique[技术] by (71.8m points)

php - Password Encryption , storing password in session

I am in need of storing password and use it again. I think this is not at all safe.

Scenario:

I want to create a webmail program where user login with username and password, then check their emails. This tool does not intend to store passwords on db. But in PHP we need to connect to the mail server in each page the user navigates to. So username and password is needed to connect to mail server. How can this be done in the safest way?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Since storing the password is not intended, but also having to re-enter the password many times is not desirable either, the only solution I see is this:

  • Encrypt the password (using e.g. AES) with a random key of sufficient length
  • Store the encrypted password and username in the session
  • It's probably no mistake to encrypt the username and mail server too, just in case. It won't hurt, and a presumed attacker doesn't have a known username on a server.
  • Store the encryption key in a cookie

This is not perfect, but it should work reasonably well, and it is probably as good of a trade-off as you can get.

With each request, the user's browser will send the cookie, the PHP script can use the cookie to decrypt the data stored in the session and do a request on the IMAP/POP server.

Someone exploiting your server and gaining access to the session store will be able to steal encrypted passwords, but if your random keys are of sufficient length and good random quality, this is pretty futile.

The point is, you can only really secure something with a secret that you don't know. If you have the necessary information to decrypt some information (IMAP password in this case) on your server, for example in the session store, everyone exploiting your server can do the same. No matter how strong your encryption is, it doesn't make any difference.
The only way to make sure secrets remain secret is by encrypting them with something you don't know, something only the user (or in this case the user's browser) knows.

Which leads to the unsolvable problem that at some point in time, you obviously have to know, at least for a fraction of a second. That's the time between the web server receiving the cookie and the PHP script exiting. In theory, if someone with root access was reading the process memory during that time, he would know the secret, too. But alas, that is something you really cannot prevent.
As long as the information is never stored anywhere (not even in the session) it should be reasonably safe, though.

Of course all of this assumes that at least the login page on your site (preferrably all) is served via https://, and you use TLS/SSL to communicate with the mail servers. Otherwise, you're open to much more trivial attacks.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...