Securely storing user credentials in DB, for PHP web application
I have a built a web application that now has a requirement of storing user credentials for access to another system. (As much as I would like to not do this, unfortunately I have no choice in the matter.)
My web application interfaces with a Windows domain controller over LDAP to verify user accounts. So, when the user logs into my application, the application checks LDAP to make sure they are a valid user and their password is correct. Once authenticated, the users' miscellaneous data is loaded from a MySQL database.
Now, I need to store a username and password for this other system in this database somehow, and I am exploring the most secure way to do it.
One method I have considered was encrypting the credentials for this other system using the users' domain password (as verified by LDAP) as the encryption key. This way if someone did get the database somehow, it wouldn't be of much use as each record would be encrypted with a different (hopefully anyway) key, and that key wouldn't be present in the web application itself anywhere. The problem with this method is that when the user changes their password, the saved credentials for the other system are no longer valid. I would then have to prompt again for the other system credentials. I am not opposed to doing this, provided that there isn't another method.
Any thoughts? Thank you for your time.
Edit: Something else I just thought of was encrypting based on some other data exposed for LDAP. One value that looks promising (and also probably insecure to anyone on the domain) is the objectGUID
, which I assume is the GUID for the account. I might use this the encryption key. Is this easy to find by domain users or others?
Edit #2: I have found that an开发者_如何学运维y domain users can easily look up the GUID via LDAP, so I have decided that method is out. I may have to encrypt based on the user password, unless there are other recommendations.
You might want to see if this other system supports any standard ways of doing "single sign-on." That way you don't have to re-invent the wheel.
In the absence of other suggestions, I am going to simply encrypt the secondary credentials using the user's password. This isn't ideal (as I will lose the data when they update it), but should be sufficient for my particular project at the moment.
精彩评论