Manual:Securing database passwords

LocalSettings.php
LocalSettings.php contains MySQL database user IDs and passwords. Keeping these passwords in LocalSettings.php is risky because php files can be served as plain text under several different conditions revealing your wiki admin account to the world. If you want to keep your admin account a secret remove them from LocalSettings.php

LocalSettings.php can be served as plain text if:
 * Php is disabled on the server
 * Php itself breaks
 * You have cgi search.pl (a common cgi search script) anywhere in that domain. Description of exploit.

Verify that apache can gain access to this file, and only administrators have access to this file when logged in.

Keep Mysql Passwords Out Of Webroot
You should never put your mysql passwords in a text file that is within the web root. You can avoid doing so by doing this:
 * 1) Make a directory outside your web root. For example, if your website is located at "/htdocs/www-wiki", then make a directory called "external_includes" outside of your webroot:
 * 2) mkdir /external_includes
 * 3) Create a file in the directory you just made called something like "mysql_pw.php" and place a variable on a separate line for each of your mysql user name, password, hostname, and database name, each variable being set to the real values. For example, using nano as your editor:
 * 4) nano /external_includes/mysql_pw.php
 * 5) Type the following lines using the real values of course in place of the bracketed "mysql_" fillers:
 * 1) Take care to leave no whitespace (blank lines) after the text.
 * 2) Save and close the file. In nano this is: Ctrl+O and Xtrl+X

Check with your distro for what the webserver's user is (this varies, examples include "apache", "nobody","httpd"). Then set the permissions for the password file like so: chgrp apache mysql_pw.php chmod 640 (removes the access rights from other and write rights from webserver) (probably repeat with g-rxw ... for LocalSettings.php ) make sure that u has r (or chmod 400 LocalSettings.php)


 * Edit your LocalSettings.php file and add the following line in the beginning of the file:
 * require_once("[FULL ABSOLUTE PATH TO mysql_pw.php]") (in our example this would be: require_once ("/external_includes/mysql_pw");

$wgDBserver $wgDBname $wgDBuser $wgDBpassword
 * Now remove these variables from LocalSettings.php:

This way if somebody is able to access and display LocalSettings.php, all they will see is some settings rather than the password, username, etc. to your mysql database and the real file containing that information is off limits to the web server. You still need to make sure LocalSettings.php is only readonly to the apache user as described above.

NOTE. If you are doing these changes and do not have access to the users because you web server provider does not let you, then, from ftp the minimum rights you have to set for your "external_includes" are: "rwx--x--x" (711). For the file "mysql_pw.php" you will have to set "rw-r--r--" (644), otherwise your wiki will not run. Still, your password is secure because the file with critical info is out of web access.

If you can't create any files outside of your webroot, you can still achieve some protection by going through the process above and using a filename like ".htdbpasswd" inside your webroot instead of "mysql_pw.php", as most webservers are configured to deny access to any files beginning with .ht*

PHP breakage security problems
If your php breaks, it will serve LocalSettings.php as a regular file, giving the world your wiki database password!

Fix
(may break elsewhere!)

Replace sapi_apache2.c with mod_php4.c for apache 1.3

Replace sapi_apache2.c with mod_php5.c for apache 2

This won't work on webservers using CGI or FCGI to server php scripts.