php - How to deal with passwords, API keys, etc in development stack? (git, webservers, etc) -


i'm planning large php project commercial website dealing bitcoin-related services. attractive target hackers.

besides making site secure possible, i'm wrapping head around things like: database logins , passwords, public + private keys, secret authentication keys remote apis or external services, ssh keys, bitcoin wallets, etc.

obviously need them somewhere within php sources. put secret or sensitive details in separate include file (e.g. 'passwords.php'), place outside of http document root. visitors can never directly access file itself.

but there's more:

  1. what hosting provider? of course have trust them if i'm hosting server them in first place, there can lower risk of employee abusing risky stuff such bitcoin exchange api keys?

  2. git repositories: if host git reposities remotely, should keep passwords.php file out of git repository, make sure data doesn't leak anywhere? (but how go version control or distribute team members?)

  3. strict communication policies: working multiple people, , want avoid ever emailing or plain-ftp'ing these sensitive details. people need access testing environment, not actual production server. how restrict access passwords.php (containing actual server logins etc) need it?

i have no clear idea yet how tackle these issues. have suggestions, or indication how set correctly?

this sounds quite undertaking. lots of risk involved. props going after goal.

as security, i'm no expert, best best heavy encryption. beyond that, think there vulnerabilities face when dealing external sources such isps , hosting providers. can't think that, , if can't it, need find new host.

i suggest hosting application using amazon web services. provide easy manage, secure, reliable web services. once start segmenting application out (db servers, cache clusters, media servers, etc) become less of 'i hope don't hacked' , more of 'i hope can manage crap myself!'.

i suggest seek seasoned full stack developer, or small team, emphasis on security , encryption. mtgox stuff went down treading down serious road, cautious , diligent. best of luck.


-

Popular posts from this blog

c# - ODP.NET Oracle.ManagedDataAccess causes ORA-12537 network session end of file -

overview i want replace oracle.dataaccess orcale. managed dataaccess, opening connection latter throws ora-12537 network session end of file exception. exception message / stack trace {oracleinternal.network.networkexception (0x000030f9): ora-12537 : netzwerksession: dateiende @ oracleinternal.network.readerstream.read(orabuf ob) @ oracleinternal.ttc.orabufreader.getdatafromnetwork() @ oracleinternal.ttc.orabufreader.read(boolean bignoredata) @ oracleinternal.ttc.marshallingengine.unmarshalub1(boolean bignoredata) @ oracleinternal.ttc.ttcprotocolnegotiation.readresponse()} i trying connect oracle 11g database , not have client installed on local machine. working test application (unmanaged) using oracle.dataaccess works fine . using system; using oracle.dataaccess.client; namespace app.odp.unmanaged { internal class program { private static void main(string[] args) { //dummy connection string
Read more

matlab - Compression and Decompression of ECG Signal using HUFFMAN ALGORITHM -

i want compress , decompress ecg signal stored text message text file , find out file size, cr,prd ratio,and qs. here code compression , decompression of ecg signal using huffman algorithm. i'm trying find out file size, compression ratio,prd ratio,qs. but error i'm getting the ecg file in text format. %clearing variables , screen enter code here clear all; close all; clc; [file1]=uigetfile('*.txt'); %fprintf('enter ecg file name :%s',file1); p=file1; t=sprintf('%s',p); b1=dlmread([file1]); len=length(b1); lead=input('enter lead number :'); %lead=str2double(lead); col2=b1(1:end,lead); e=fix(sqrt(len)); m=1; i=1:e j=1:e g2(i,j)=fix(col2(m)*1000); %amplifying 1000 m=m+1; end end g3=g2; i=1:e j=1:e
Read more

utf 8 - split utf-8 string into bytes in python -

i trying split utf-8 string bytes in python 3. problem is, when use bytearray, byte, encode etc functions array size of element 14 bytes, not 1 byte expected. need split text file sequence of bytes , send them byte after byte using sockets. tried this: infile = open (file, "r") str = infile.read() byte_str = bytes(str, 'utf-8') print("size of byte_str",sys.getsizeof(byte_str[0])) print gives me 14, need 1... suggestion? quoting official documentation : sys.getsizeof(object[, default]) return size of object in bytes. object can type of object. built-in objects return correct results, not have hold true third-party extensions implementation specific. only memory consumption directly attributed object accounted for, not memory consumption of objects refers to. if given, default returned if object not provide means retrieve size. otherwise typeerror raised. getsizeof() calls object’s __sizeof__ method , adds
Read more