Cesar Aracena

Read files from a secure folder with PHP in IIS 10

Hello everyone,

I think I know the answer beforehand but I have to ask anyway. Is there ANY possible scenario where I keep my passwords (for LDAP, SQL, etc.) in some sort of encrypted way on my server running Windows Server and IIS?

Here's the deal. I'm making a corporate intranet site for my company in PHP and they want me to have all the passwords for all the services in different files that even I will not be able to access or, if I do, I can't "read" the passwords because they are encrypted.

I suppose encryption is out of the way as I would have to know the "salt" and unencryption method to actually be able to use those passwords, but I was thinking that, being under a Windows environment, I could have PHP read the values from some TXT files in a directory that I couldn't get access to. Is that possible to do in IIS? Could one PHP file get the necessary permission to read a TXT file on another local/remote server so it can read the different passwords from different files?

It's not exactly the kind of security they're asking me for (they love encryption) but in this way, I think I might be able to convince them. They do not even believe having these files outside the root folder for the site is secure enough, as I will be able to read them (LDAP user for example needs to have a non-expiring password that I can't get).

Thanks in advance.
ASKER CERTIFIED SOLUTION
David Favor

Cesar Aracena (ASKER)

Hi David. Don't tell me about it.

The thing is that the password they want to keep hidden is the password for the LDAP user. Not the users that will log in using LDAP, but the main "service" user that will be used to run my site (LDAP, SMTP, etc.).

That's why I also asked if one of my files in PHP (in IIS) could have access to a folder where the "service" user password could be stored, so I don't have access to it. Only my site. I know, I could just echo it to see it, but it appears they don't know that (:facepalm)
For completeness, answering the last question: "That's why I also asked if one of my files in PHP (in IIS) could have access to a folder where the 'service' user password could be stored, so I don't have access to it."

Better to talk about file access by user level.

Admin users of root/wheel can access everything.

Non-Admin users generally can't access everything.

So if by "so I don't have access to it" the "I" here means a Non-Admin user, blocking access is trivial + handled by chown + chmod.

If by "I" you mean a root/wheel user, this requires a new question as this can be done + is complex/costly to implement/maintain.

What this option requires is partitioning sensitive data from normal Admin users, like banks must partition account data from normal administrative users on a network.

Best to only begin this process if you have massive time/budget/will/expertise. You'll also require another user (not you) with God access, which allows them to access data, without root/wheel access.
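
On the Windows Server / IIS setup the question describes, per-user file access of this kind is expressed with NTFS ACLs. The script below is an added example, not part of the original thread: it locks a secrets folder down to SYSTEM, Administrators and the site's application pool identity, then checks the result. The folder path and pool name are assumptions, and it assumes PHP reads files as the application pool identity (if FastCGI impersonation makes PHP run as another account such as IUSR, grant read to that account instead).

```powershell
# Assumed names, not from the thread: adjust to your server.
$SecretDir = 'D:\secrets\intranet'      # folder outside the site root
$PoolName  = 'IntranetPool'             # application pool that runs the PHP site
$Reader    = "IIS AppPool\$PoolName"    # virtual account IIS creates for that pool

New-Item -ItemType Directory -Path $SecretDir -Force | Out-Null

# Explicit grants: full control for SYSTEM and Administrators, read-only for
# the pool identity. (OI)(CI) applies each entry to files and subfolders.
$grants = @(
    'NT AUTHORITY\SYSTEM:(OI)(CI)F',
    'BUILTIN\Administrators:(OI)(CI)F',
    "${Reader}:(OI)(CI)R"
)

# /inheritance:r drops every inherited entry (for example a broad Users read
# entry from the drive root); /grant:r replaces any earlier explicit grant.
icacls $SecretDir /inheritance:r /grant:r $grants | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Verify: inheritance must be off and no other identity may appear on the ACL.
$allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $Reader)
$acl     = Get-Acl -Path $SecretDir

if (-not $acl.AreAccessRulesProtected) {
    throw "Inheritance is still enabled on $SecretDir"
}

$unexpected = $acl.Access |
    Where-Object { $allowed -notcontains $_.IdentityReference.Value }

if ($unexpected) {
    $names = ($unexpected | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Unexpected identities on ${SecretDir}: $names"
}

# Show the final ACL for the change record.
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

This only keeps non-admin accounts out of the folder: as the thread already notes, administrators can still read it, and anyone who can deploy PHP code to the site can have the site read the file for them.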