Securing DB Credentials Options
1- use one time open_ssl encryption at CodeIgniter side and get db password and username ecryption values and use this in our global plugin
This is not full proof but can hide textual reprenstation of db credentials.
Although open_ssl library is usually avaliable for php 7.2+ everywhere but it also depend on consumers server if open_ssl is active or not.
Although we can try other encryption/decryption method.
2-We can replace our direct db access to remote api like we will remove direct db exposer from plugin and create rest api at CodeIgniter side for each db related operations.
But this option can take time to create rest apis for every operation
Correct above so that client can understand it properly
—
We have two possible options to secure the external database credentials used in our global WordPress plugin:
**Option 1: One-time OpenSSL Encryption**
We can use one-time encryption using OpenSSL on the CodeIgniter side to generate encrypted values for the database username and password. These encrypted values can then be stored and used in the plugin, which will help obfuscate the plain-text credentials.
While this approach adds a layer of security, it is not completely foolproof since the decryption logic still resides in the plugin. Also, although the OpenSSL library is commonly available on PHP 7.2+ environments, its availability ultimately depends on whether it is enabled on the end user's server. We can also explore other encryption/decryption mechanisms if needed.
**Option 2: Use Remote API Instead of Direct Database Access**
Instead of embedding the database credentials in the plugin, we can shift all database operations to a remote API layer. In this setup, the plugin will communicate with a secured API (developed in CodeIgniter), which will handle all database interactions.
This method significantly improves security by eliminating the need to expose database credentials in the plugin. However, it requires additional time and effort to implement separate REST APIs for each database operation currently being handled directly.
—
Let me know if you’d like this message tailored further for a presentation, proposal, or email.
—
We have two options to secure the external DB credentials used in our WordPress plugin:
**1. One-time OpenSSL Encryption:**
We can encrypt the DB username and password using OpenSSL on the CodeIgniter side and use the encrypted values in the plugin. This hides plain-text credentials but isn't fully secure, as decryption logic will still be in the plugin. Also, OpenSSL must be enabled on the server, which may vary.
**2. Use Remote API:**
Instead of direct DB access, we can create REST APIs on the CodeIgniter side for all DB operations. The plugin will interact with these APIs, removing the need to store DB credentials. This is a more secure solution but requires time to develop the necessary APIs.