Login/Register
Is it safe to store plaintext passwords in MySQL *temporarily*?
Asked Answered
Solved javaphpmysqlsecurityphpbb3
N

3

7

A little bit of background --

I run a game server that runs in Java, and a forum that runs in PHP (phpbb). I have the game and forum accounts linked, such that changing the password in the game automatically changes the password for the forum account. The two systems use different password hashing algorithms, and I need to update the password hash on the forum side by using phpbb's built-in functions, meaning I have to call them from a PHP script (rather than running my own code).

In order to do this, I decided to have Java call the PHP script by making an HTTP request to the PHP script whenever the password needs to be changed, to trigger a PHP script that completes the password-changing process for the forum account. However, I don't want to put the plaintext password in any HTTP call, since it might show up in log files and maybe other exploitable areas. My current idea is that when the Java side is changing passwords, it puts the new plaintext password in a database table, and then makes an HTTP request to trigger the PHP script, such that no hashes or sensitive information goes into the HTTP request. The HTTP call would only pass the username of the account to be changed, and a md5 hash of a shared secret plus the username, for authentication. When the PHP script runs, it retrieves the new plaintext password for the user from the database, immediately deletes it, then runs the plaintext password through phpbb's hashing algorithm and updates the forum database.

Under typical conditions, the plaintext password would probably be in the database for less than a second before it is deleted. Ideally, I wouldn't be storing it anywhere at all, but I am not sure how else to communicate the needed change from Java to PHP when I can't predict what the forum's password hash will be, so I need to somehow send the plaintext password to the PHP script that does the hashing.

Any ideas on a better way to do this, or is there any feedback on storing the plaintext password for a very short period of time? I consider the MySQL login to be secure and is not shared with other people or projects.

Thanks!

Nannette answered 21/11, 2012 at 3:58 Comment(7)
Can you encrypt it from Java right before you store it in the DB and the decrypt it from PHP right after you read it from the DB?Serialize
Encryption is a decent idea, since apparently you already have a shared secret. What about just sending the username and plaintext password to PHP via HTTPS and POST, like form data?Gael
Better yet, create a custom authentication plugin for PHP BB wiki.phpbb.com/Authentication_plugins This supports custom password authentication schemes, and should allow you to take advantage of single sign-on if applicable.Bayonne
Wouldn't it be easier just to have both applications use the same hashing algorithm? It will be easier to manage them and you won't run into problems like this.Yorgos
You could just change your Java game to use the same hashing algorithm as the forum...Cockaleekie
@Yorgos You are assuming that OP knows phpBB's hashing algorithm.Cienfuegos
@GiulioMuscarello Since phpBB is open source, it wouldn't be hard to figure it out.Yorgos
C
0

Encryption is the way.

  • Encrypted connection: Synonym for HTTPS. Pass the data to phpbb using HTTPS, if your server supports it.
  • Encrypted data: either encrypt the password and somehow store the key (very insecure), or use asymmetric encryption. See the answer to my question for a good insight of how to send the password over a secure channel.
Cienfuegos answered 21/11, 2012 at 9:45 Comment(1)
For my particular case, this method works best, as it requires the least amount of work. I'm taking my existing PHP script and using it over HTTPS and passing the passwords that need to be hashed over the encrypted connection.Nannette
S
3

Don't store plaintext passwords. If your game becomes popular, it might be a target to constant attacks of hackers especially if it will contain a monetary aspect (i.e - the case of world of warcraft, travian and others). In this case, you will need to assume that although you attempt to protect your system, Someone might hack it, and as a result get sensitive data. You should use standard encryption mechanisms in order to perform this task (i.e - send the password to forum system via HTTPS for example, in a secure way). I would also recommend you to explore the comment of @Joshua Kaiser - single sign on may be the key to answer your needs, and don't try to reinvent the wheel here. I can tell you I Work with kerberos for example, and Kerberos has a ticket mechanism in which the tickets can be re-used among applications. Unfortunately I dont know PHP, and don't know how pluggable the forum framework to use different authentication modules.

P.S - I posted this answer twice by mistake, and tried pressing "delete post" - I hope stackoerflow takes care of that.

Supat answered 21/11, 2012 at 4:17 Comment(0)
H
0

It depends on the database that you're using with Java more than PHP. In PHP use PDO to connect to the different database and manipulate the data. You might try simply having one DB as the primary password storage and the other as salve - depending on reverse encryption mind you.

Have PHP (For example) PDO the text password directly into the Java db in a temp field - specific to the user of course - and then tell PHP to trigger a Java Function to read that column, hash it, update the correct column and delete the temp field.

If done properly, you could have the time-frame of vulnerability limited to a few milliseconds.

Harragan answered 21/11, 2012 at 4:9 Comment(0)
C
0

Encryption is the way.

  • Encrypted connection: Synonym for HTTPS. Pass the data to phpbb using HTTPS, if your server supports it.
  • Encrypted data: either encrypt the password and somehow store the key (very insecure), or use asymmetric encryption. See the answer to my question for a good insight of how to send the password over a secure channel.
Cienfuegos answered 21/11, 2012 at 9:45 Comment(1)
For my particular case, this method works best, as it requires the least amount of work. I'm taking my existing PHP script and using it over HTTPS and passing the passwords that need to be hashed over the encrypted connection.Nannette

© 2022 - 2024 — McMap. All rights reserved.