Ask a Question Register Login

php - Encrypt configuration from everybody including developer

325

I'm developing an app which require integration with finance institution, due to their lack of API I access them thru simple curl which need to specify the username and password of my finance institution in the configuration.

Now this configuration will be different during development and production environment. During production the client will specify their own username and password, but in case there is a problem we developer would sometime require to access the code, which is possible to see their username and password.

For security and integrity I prefer that the configuration is encrypted so we only see an encrypted value which is protected them from big hole. And when they want to change the value the need to input the password to decrypt, but then again I need to save the decrypt password in db or text which compromise their security again.

And second because the configuration is encrypted, during application usage the config must be decrypt so that the code can access the service, which is again I somehow need to save the decrypt password in db or text.

For above situation encryption doesn't seem to have the full solution. Is there a theory to implement this ( blocked text above ) ?

Currently our app is in LAMP environment.

People are also looking for solutions to the problem: PHP + MySQL Database Insert Each Line

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.