This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Secure Application Configuration and State Library
Introduction
new \PDO("mysql:dbname=pdo_mysql;host=localhost", "root", "myPassword");
In any application there are several lines, like the one above, that contain extremely sensitive data that must not be exposed. Nevertheless, this data has to be present in files and code for the application to work properly (in the above case, to create a successful connection to the DB). If compromised, this confidential data has the potential to end the lifetime of the application. Attackers can use the password for anything ranging from passive monitoring to actively deleting all the data. That is enough to bring a company down. For this reason, this sensitive data needs to be protected. The function of this library is to protect this data from being stolen.
What is sensitive?
A sensitive piece of data is any data that, if publicly known, can aid in unauthorized access or cause some kind of malfunction in the system. This data can range from "passwords" to "configuration files". Data such as version numbers, file locations, etc. can be harmful, so they can also be treated as sensitive. Overall, the term is very vague and its meaning cannot be made clearer until a context is provided. Developers can therefore treat as sensitive any data that they feel no one else must know.
Requirements
For this library to work, there is one and only one requirement: the files must be writable. We also understand that on the main server this is not true most of the time. In those cases, the developers must encrypt the values by hand and the decryption will be performed by the function. If, however, the files are writable, this function will work: it will encrypt the sensitive values and replace them in the file.
PHPSEC Secure Application Configuration and State Library Implementation
The workflow of this library is simple yet powerful. When the file is run for the first time on the server, it will contain sensitive data. However, all those sensitive places will be using the function "confidentialString()". So, in the first run, this function, wherever found, will replace the sensitive value with its corresponding encrypted value. From the second run onward, wherever this value is needed, the encrypted value will again pass through this function, get decrypted, and be used. Please note that the value in the file is not replaced again with the decrypted value; the decrypted value is used as a variable which gets destroyed once program execution stops.
For encryption we are using PHP's "mcrypt()" function. The default cipher used is "MCRYPT_RIJNDAEL_256" in "cbc" mode. However, these parts are configurable, and developers are free to choose their own schemes. As described earlier, this function needs the files to be writable. If they are not, this function throws a "FileNotWritable" exception. In that case, the developers will need to place the encrypted values of the confidential strings manually everywhere.
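The first-run and later-run behaviour described above, as an added example that is not PHPSEC's own code: `demoConfidentialString()`, the `enc:` marker and the key supplied from outside the file are assumptions made for illustration. AES-256-GCM from PHP's openssl extension stands in for mcrypt, which was removed from PHP core in 7.2.

```php
<?php
// Added illustration, not PHPSEC code: function names, the "enc:" marker and
// the key handling are assumptions. AES-256-GCM (ext-openssl) stands in for mcrypt.
const ENC_PREFIX = 'enc:';
function encryptValue(string $plain, string $key): string {
    $iv = random_bytes(12);                       // fresh nonce per value
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return ENC_PREFIX . base64_encode($iv . $tag . $ct);
}

function decryptValue(string $stored, string $key): string {
    $raw = base64_decode(substr($stored, strlen(ENC_PREFIX)), true);
    if ($raw === false || strlen($raw) < 28) {    // 12-byte nonce + 16-byte tag
        throw new RuntimeException('Malformed encrypted value');
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {                       // wrong key or tampered ciphertext
        throw new RuntimeException('Decryption failed');
    }
    return $plain;
}

function demoConfidentialString(string $value, string $file, string $key): string {
    if (strncmp($value, ENC_PREFIX, strlen(ENC_PREFIX)) === 0) {
        return decryptValue($value, $key);        // later runs: decrypt in memory only
    }
    if (!is_writable($file)) {                    // the page's FileNotWritable case
        throw new RuntimeException("FileNotWritable: $file");
    }
    $source  = file_get_contents($file);
    $literal = var_export($value, true);          // assumes a single-quoted literal
    if (substr_count($source, $literal) !== 1) {  // refuse ambiguous rewrites
        throw new RuntimeException('Literal not found exactly once');
    }
    $new = str_replace($literal, var_export(encryptValue($value, $key), true), $source);
    file_put_contents($file, $new, LOCK_EX);
    if (function_exists('opcache_invalidate')) { opcache_invalidate($file, true); }
    return $value;                                // first run still gets the plaintext
}

// Constructed demo: a throwaway config file and a random key held outside that file.
$key  = random_bytes(32);
$file = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($file, "<?php return demoConfidentialString('myPassword', __FILE__, \$key);\n");
$first  = include $file;                          // first run: file is rewritten
$second = include $file;                          // second run: value is decrypted
var_dump($first === $second, strpos(file_get_contents($file), 'myPassword') === false);
unlink($file);
```

The key never appears in the rewritten file, so wherever it is stored becomes the secret that needs protecting.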