GMBeniamin

Reputation: 119

Encryption of data introduced into a MySQL database then read by PHP

I am building my own game panel and it requires the user to introduce into the database the user and password of their Linux server. This will allow the game panel to manage their servers. My problem now is this:

When the user introduces his Linux user and password, it is stored in plain text in the database and then it is retrieved in the PHP script. However, if the database ever gets breached, the hackers will be able to breach their servers as well, and I want to avoid that at all costs.

At the moment I am using a register and login system in which I implemented password_hash($password, PASSWORD_BCRYPT) and password_verify. I tried to apply the method to my problem, but it required user input in order to match the stored password with it.

All I need is to store a user and password in the database in the most secure way, so that when a hacker manages to breach my database all the data there will be useless to him.

I am a newbie PHP web developer working with JavaScript and Bash. I am still a newbie in these two fields as well. So if you can offer me newbie-friendly answers I would be more than thankful to you. (As my first question was answered within hours, I am positive I will find a solution to this one as well.)

Upvotes: 1

Views: 974

Answers (1)

Brigo

Reputation: 1112

I'm getting informed about data encryption these days as well, especially to implement the "Privacy by design" concept legally required by the GDPR (the EU General Data Protection Regulation).

Using PHP and MySQL there are two main ways you can encrypt your data, getting it ready to be stored into your DB:

  1. Using MySQL functions AES_ENCRYPT / AES_DECRYPT
  2. Using OpenSSL functions in PHP, in particular openssl_encrypt and openssl_decrypt (it provides, among others, an AES-256-CBC encryption). To know how to use it, you can have a look directly at the examples in the functions' documentation or check out this answer on StackExchange.

What I suggest, if you have the opportunity, is to use Laravel and its encrypter, which provides all you need to easily encrypt your data using OpenSSL with AES-256-CBC.

Upvotes: 1
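
Option 2 from the answer above, as an added example that is not code from the answer or from Laravel: the credential is encrypted with openssl_encrypt (AES-256-CBC), authenticated with an HMAC, and stored as one value, using a key held outside the database so that a database dump alone does not reveal the Linux password. The env var name PANEL_CRED_KEY, the 64-byte key layout (32 bytes for AES, 32 for the HMAC) and the sample password are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Encrypt-then-MAC: AES-256-CBC with a fresh IV, then HMAC-SHA256 over IV + ciphertext.
function encryptCredential(string $plain, string $master): string
{
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plain, 'aes-256-cbc', substr($master, 0, 32), OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $mac = hash_hmac('sha256', $iv . $ct, substr($master, 32, 32), true);
    return base64_encode($iv . $mac . $ct); // safe to store in a TEXT column
}

function decryptCredential(string $stored, string $master): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 64) { // 16 IV + 32 MAC + at least one block
        throw new RuntimeException('malformed value');
    }
    [$iv, $mac, $ct] = [substr($raw, 0, 16), substr($raw, 16, 32), substr($raw, 48)];
    $expected = hash_hmac('sha256', $iv . $ct, substr($master, 32, 32), true);
    if (!hash_equals($expected, $mac)) { // constant-time compare, checked before decrypting
        throw new RuntimeException('value was modified or the key is wrong');
    }
    $plain = openssl_decrypt($ct, 'aes-256-cbc', substr($master, 0, 32), OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Assumption: 64 random bytes, base64-encoded, in the hypothetical env var
// PANEL_CRED_KEY (never in the database). A throwaway key keeps the demo runnable.
$env = getenv('PANEL_CRED_KEY');
$master = $env !== false ? base64_decode($env, true) : random_bytes(64);
if ($master === false || strlen($master) !== 64) {
    throw new RuntimeException('PANEL_CRED_KEY must decode to 64 bytes');
}

$stored = encryptCredential('s3rver-Passw0rd', $master); // constructed sample secret
echo $stored, PHP_EOL;                                   // what a database dump would show
echo decryptCredential($stored, $master), PHP_EOL;       // the panel recovers the password
$raw = base64_decode($stored); $raw[-1] = chr(ord($raw[-1]) ^ 1); // flip one stored bit
try {
    decryptCredential(base64_encode($raw), $master);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

This only helps against a breach limited to the database: anyone who compromises the web server that holds the key can decrypt the stored values too.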
