How to store sensitive information on a hosting provider's servers?

Question

I'm using hostinger's Single Shared Hosting for my website. I have created a MySQL database and I need to have access to username and password in my PHP api endpoints. So, I created a /config.php file with -rw-r--r-- permissions:

<?php
    define("dbHost", "localhost");
    define("dbUsername", "XXXXXXXXX");
    define("dbPassword", "XXXXXXXXX");
?>

Is it a good way of storing such information?

Answer 1

You can't start without making a config file. But you can encrypt the data of your database. Below are a few simple steps to encrypt your data in MySQL 8.0. This process relies on a keyring file. This won’t meet compliance requirements (see KEY MANAGEMENT SYSTEMS below), but it’s a good first step.

• Check your version of MySQL. It should be MySQL 5.7 or 8.0. Pre-load the plugin in your my.cnf: early-plugin-load = keyring_file.so

Execute the following queries:

1. INSTALL PLUGIN keyring_udf SONAME ‘keyring_udf.so’;
2. CREATE FUNCTION keyring_key_generate RETURNS INTEGER SONAME ‘keyring_udf.so’;
3. SELECT keyring_key_generate(‘alongpassword’, ‘DSA’, 256);
4. ALTER TABLE titles ENCRYPTION = ‘Y’;

Per documentation warning: The keyring_file and keyring_encrypted file plugins are not intended as regulatory compliance solutions. Security standards such as PCI, FIPS, and others require use of key management systems to secure, manage, and protect encryption keys in key vaults or hardware security modules (HSMs).

I hope this article will work for you.