Encrypt Codeigniter database

Asked

Viewed 318 times

0

good night.

I took the boat riding here at the company I joined to continue a system for a company, in Codeigniter connected with a Sqlserver database. My knowledge of Sqlserver and servers is pretty low, so I’m getting a little bit.

The system is on one server and the database is hosted on another. The client because he was afraid of hacking, or something like that, wanted the connection to stay on another server and encrypt the access password to the bank, according to him.

Could I do that, put the database.php file on another server and my system access it to fetch the information and then access the server with the database, or encrypt the access password to the bank?

Any other suggestions you can give me, I’m also available to listen and would appreciate it very much.

  • File database php. on another server will stop the program from working. Doing this at least does nothing. The Codeigniter has option to use an encrypted connection: 'encrypt' => TRUE' in the database php.. But encryption must be enabled on SQLServer. To ensure more security in data traffic and avoid password interception use HTTPS (SSL/TLS on the web server).

  • One thing I recommend is to use environment variables, so it will be safer yes, and as for the bank to stay on another server it can be for several reasons, not only security, as processing, distributing the load between servers, so the application gains performance. Take a look at this article that might help http://www.universidadecodeigniter.com.br/como-ler-variables-ambient-no-codeigniter/

  • The archive database php. already works with environment variables. I repeat: no need to change the database php. to another server. This will only create an unnecessary complication. If the bank is already on another machine, great. Enable SSL/TLS in the bank and use HTTPS in connection with browser.

  • The customer probably doesn’t even know what he’s talking about (as most of the time). He thinks this is the best way to prevent attacks, but it is not there. Soon he will want to use a webservice just for that!

  • If the customer’s problem is this fear of being attacked, then it would be interesting to provide a password for the database with a more restricted access.

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.