Where to store confidential information in the Drupal module?

In the module that I create, I have some confidential information that I have to store securely: the remote database host, username and password.

It seems that the only repository available is the Drupal database, which bothers me, as this means that if Drupal is hacked, it is a different database. The settings.php file in sites/all/default was my second option, but I had trouble writing to it. Various chmod commands over FTP and SSH, up to 777 and 666, would not open the file for writing. I'm also not sure that the variables that I set there are available elsewhere.

Are there other ways to safely store this information?

+4
3 answers

You are on the right track using settings.php. You can use the `$conf` variable in settings.php to set the variables you can get in the modules using `variable_get`.

+3

Hmmm ... that sounds like something you shouldn't do at all. Write an API that resides in a remote database that you can access.

If you insist on direct access to the database, hard-code the host, username and password in a file, put the file outside the document root and include it from there. For example, if your document root directory (for example, where the Drupal index.php file is) was /www/htdocs, put the file containing the information in something like /www/secure and include it where you need it. Then, if PHP stops working for some reason, the file is not in a place readable from the outside world, but PHP can include it on the site as needed.

Of course, someone can see that you included the file, but they would not be able to see the file itself, unless they had hacked your server (and not just Drupal), and in this situation you screwed up anyway.

+3

Using a configuration file is ideal for this type of information. However, running chmod 777 or 666 is a very bad idea. The problem is that both of these settings make the file GLOBALLY readable/writable. Thus, if you are on a shared host, then it is possible for another user on the system to access your file. When setting this with the PHP chmod() function, run chmod 500 on the file. (500 should work in most cases; the most important part is that the last number is zero.)

0
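The answers above combine into one pattern: keep the credentials in a PHP file outside the document root, refuse to load it if the last permission digit is not zero, and publish the values through `$conf` so modules can read them with `variable_get`. The sketch below is an added example, not code from any of the answerers or from Drupal itself; the function name, the `mymodule_remote_db` key, the demo paths and the credential values are hypothetical, and it assumes a POSIX host.

```php
<?php
// Added example: names, paths and values are hypothetical/constructed.

/**
 * Loads remote DB credentials from a PHP file kept outside the document root.
 * The file must `return array('host' => ..., 'username' => ..., 'password' => ...);`
 */
function mymodule_load_remote_credentials($file, $docroot) {
  $real = realpath($file);
  $root = realpath($docroot);
  if ($real === FALSE || $root === FALSE) {
    throw new RuntimeException('Credentials file or document root not found.');
  }
  // Refuse a file that the web server could serve directly.
  if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
    throw new RuntimeException('Credentials file is inside the document root.');
  }
  // Refuse any permission bit for "other": the last octal digit must be zero.
  $mode = fileperms($real) & 0777;
  if ($mode & 0007) {
    throw new RuntimeException(sprintf('Mode %04o exposes the file to other users.', $mode));
  }
  $creds = include $real;
  foreach (array('host', 'username', 'password') as $key) {
    if (!is_array($creds) || empty($creds[$key])) {
      throw new RuntimeException("Missing '$key' in credentials file.");
    }
  }
  return $creds;
}

// Constructed demo layout under the temp directory so the example runs offline.
$base = sys_get_temp_dir() . '/creds_demo_' . getmypid();
mkdir("$base/htdocs", 0755, TRUE);   // stands in for /www/htdocs
mkdir("$base/secure", 0700, TRUE);   // stands in for /www/secure
$file = "$base/secure/remote_db.php";
file_put_contents($file, "<?php return array('host' => 'db.example.invalid', "
  . "'username' => 'demo', 'password' => 'constructed-value');");
chmod($file, 0500);                  // the mode suggested in the last answer
clearstatcache();

// In settings.php the same call would use the real paths; a module then reads
// the array with variable_get('mymodule_remote_db', array()).
$conf['mymodule_remote_db'] = mymodule_load_remote_credentials($file, "$base/htdocs");
echo $conf['mymodule_remote_db']['host'], "\n";
```

Changing the demo `chmod` to 0666 makes the loader throw instead of returning the credentials, which is the failure you want on a shared host.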

Source: https://habr.com/ru/post/1336491/
