Jump to content

Save the secret key in db?


Amit Kumar Mishra

Recommended Posts

No, you shouldn't save the system key from /config/blesta.php to your database. It would be a good idea to back up this file & key to your computer or to some other media. If your database were compromised but not your file system, the attacker could not decrypt the encrypted data. But if you put your key in your database, then.. no such protection.

Just make sure to back up files + database.

Link to comment
Share on other sites

hi @Paul, and even other may join in to comment and help me achieve what we are looking at

so would you advice some kind of a secret different database, having some different named tables to store it, so that the outside can communicate with the table/db and the needfull be done, without the hacker/cracker getting to know the clue of what this field is?

let me know if this would be okay

i may, on this, share a few screenshots as soon as we get on to the best advice implemented...

and believe me all, you are all going to love it,  what we are trying to achieve, not sure all will, but i feel so

Link to comment
Share on other sites

9 minutes ago, Amit Kumar Mishra said:

hi @Paul, and even other may join in to comment and help me achieve what we are looking at

so would you advice some kind of a secret different database, having some different named tables to store it, so that the outside can communicate with the table/db and the needfull be done, without the hacker/cracker getting to know the clue of what this field is?

let me know if this would be okay

i may, on this, share a few screenshots as soon as we get on to the best advice implemented...

and believe me all, you are all going to love it,  what we are trying to achieve, not sure all will, but i feel so

No I wouldn't recommend storing it anywhere in your database or anywhere besides where it's currently stored (in /config/blesta.php). Other than an offline backup someplace.

What are you trying to accomplish? For what reason do you want to access the system key through mysql?

Link to comment
Share on other sites

Hi there, if this is the same thing you private messaged us about then knowing the actually key is not necessary, you can using the API as we described.  However, if this is in fact a plugin, and not external software, then you should follow the documentation here for creating a Blesta plugin.  It should make you life easier by giving you easy access the Blesta models, helpers, and components without having to go through the API.

Link to comment
Share on other sites

It's going to take some thinking to determine what the best route to follow is for what you're doing, but your best option is probably going to be to write a plugin and provide end-points to that plugin via the API or web to perform your new functionality. Plugins in Blesta can access the configuration setting to get the key as-is, so that shouldn't be a problem.

I'd be curious to know why accessing the key from a database table would work, but an API call to a plugin wouldn't.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...