I think if I granted the apache user appropriate privileges and used the ident authentication method, that would make the connection more secure because then the password wouldn’t need to be stored in a connection string (which might possibly leak if there is a PHP error or Apache misconfiguration and the PHP code is accidentally sent to the client).
Also, that way the security of the connection would depend on how secure the host system is. I disabled root login over ssh and only permit public key authentication so I think it is pretty secure.
Does this have any significant security benefits or is it just wishful thinking? Is it necessary at all?
If your DB is only listening on localhost (and it should be if at all possible) then it doesn’t make tons of difference how you auth to it. If the attacker breaks in, they’re likely to break in via the public services … in your case Apache/PHP. In that case they’re going to have access to the DB via whatever auth method you use, because they have access to whatever your Apache/PHP setup has access to.
It’s more important to make sure that your app doesn’t allow arbitrary SQL to pass through or allow SQL injection, remote code inclusion, etc, so the attacker doesn’t get local access to the host.
I’d prefer to use
md5anyway – because the password is no value if stolen when they can’t connect from anything except 127.0.0.1, and it means they have to go to the effort of extracting the password from a script (or escalating privs) in order to get into the DB if they do manage to exploit the web server or scripts running on it. Just having ident as Apache won’t be enough.More importantly, it allows you to compartmentalise access by application, so MyTicketTracker that you wrote on a drunken weekend as a tool to play with SQL injection doesn’t have access to the same DBs as TheCriticalAccountingApplication. It won’t stop a determined attacker, but it might slow a casual one down a bit.