My app stores data in a mysql database called mainDatabase that is accessed using credentials in a config.php. For example:
$mainDatabaseUsername = "abc";
$mainDatabasePassword = "123";
There are 5 admin accounts on the app that each have their own clients to manage. For data segregation requirements, each admin’s clients must be stored in a separate database with a unique username and password. This requires 5 more usernames and passwords, for example:
//Admin1 (database called databaseAdmin1)
$userNameAdmin1 = "admin1";
$pwdAdmin1 = "...";
//Admin2 (database called databaseAdmin2)
$userNameAdmin2 = "admin2";
$pwdAdmin2 = "...";
...
//Admin5 (database called databaseAdmin5)
$userNameAdmin5 = "admin5";
$pwdAdmin5 = "...";
What is the best practice for storing the passwords for each admin database?
Some possible solutions:
- Add the 5 passwords directly to the config.php file with no encryption
- Store the passwords in mainDatabase in a new mySql table (with no encryption)
- Store the passwords in mainDatabase in a new mySql table (with some kind of salt or encryption that I can decode later when I access the client database)
Please note – here in this example, there are 5 admin users. In reality their are likely to be 20 rising to 50.
Thank you