I’m building a site (in PHP) that talks to Twitter on behalf of my users, and, in dealing with the OAuth stuff, I’m trying to do a reasonable job of security around the tokens. I’m an admitted newbie at this, so I’d appreciate any comments on the adequacy of the approach I’m taking:
The users’ oauth_tokens and oauth_token_secrets are encrypted via mcrypt and RIJNDAEL-256, and stored in a database (mysql).
The encryption key for dealing with the tokens is kept in a file outside of webroot, and gets loaded when it’s needed for en/decryption.
I have also put into a file outside of webroot my app’s Twitter consumer key and consumer secret, and the oauth_token and oauth_token_secret for the user account associated with my Twitter application. I have not encrypted any of these, under the rationale that the encryption key is in the same place as these tokens, and there’s no point in locking a door if you’re leaving (have to leave?) the key right next to it. If a bad guy has gotten that far into my system, the game’s kinda over. (Or so I think.)
The database credentials are unencrypted and kept in yet another file outside of webroot.
Like I said, does this seem reasonable? I’m maybe especially concerned about leaving some things unencrypted; insight and wisdom about this or anything else are more than welcome (that’s the whole point of this post); thanks very much!
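Added example, not code from the original post: one way to implement the token handling the post describes in current PHP. Two facts about the post's setup matter for the choice of primitive: the mcrypt extension was removed from PHP core in 7.2, and mcrypt's RIJNDAEL-256 is the 256-bit-block variant of Rijndael, not AES-256. The example therefore uses the libsodium AEAD bundled with PHP since 7.2 instead, which also authenticates the ciphertext so a tampered or swapped database value fails to decrypt rather than producing garbage. The key-file path, the table and column names, and the per-row context strings are assumptions for the example, and the sample tokens are constructed.

```php
<?php
// Added example, not the original poster's code. Keeps the token-encryption
// key in a file outside the web root, encrypts each user's oauth_token and
// oauth_token_secret before they reach the database, and decrypts on the way
// out. Uses sodium_crypto_aead_xchacha20poly1305_ietf_* (PHP >= 7.2) in place
// of the removed mcrypt extension. Paths and table layout are assumptions.
declare(strict_types=1);

// Assumed location: any directory outside the document root that the web
// server user can read. Create the key once from the CLI with
//   echo base64_encode(sodium_crypto_aead_xchacha20poly1305_ietf_keygen());
// and save it with mode 0600.
const TOKEN_KEY_FILE = '/etc/myapp/token.key';

function loadTokenKey(string $path = TOKEN_KEY_FILE): string
{
    $raw = @file_get_contents($path);
    if ($raw === false) {
        throw new RuntimeException("cannot read key file $path");
    }
    // Refuse a key file that other local users can read (Unix permission bits).
    if ((fileperms($path) & 0044) !== 0) {
        throw new RuntimeException("key file $path is group- or world-readable");
    }
    $key = base64_decode(trim($raw), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('key file must contain a base64-encoded 32-byte key');
    }
    return $key;
}

// $context (e.g. "user:42:oauth_token_secret") is authenticated but not
// encrypted, so a ciphertext moved into another user's row or into the other
// column fails to decrypt instead of being silently accepted.
function sealToken(string $plaintext, string $key, string $context): string
{
    // A fresh random nonce per call is what makes one key for every row safe.
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, $context, $nonce, $key);
    return base64_encode($nonce . $ct);   // stored as nonce || ciphertext
}

// Reverse of sealToken(); null if the value was tampered with or the context differs.
function openToken(string $stored, string $key, string $context): ?string
{
    $blob = base64_decode($stored, true);
    $nlen = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if ($blob === false || strlen($blob) <= $nlen) {
        return null;
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($blob, $nlen), $context, substr($blob, 0, $nlen), $key
    );
    return $pt === false ? null : $pt;
}

function tokenContext(int $userId, string $column): string
{
    return "user:$userId:$column";
}

// Persist a user's Twitter credentials (assumed table layout).
function storeUserTokens(PDO $db, string $key, int $userId, string $token, string $secret): void
{
    $stmt = $db->prepare(
        'REPLACE INTO twitter_tokens (user_id, oauth_token, oauth_token_secret) VALUES (?, ?, ?)'
    );
    $stmt->execute([
        $userId,
        sealToken($token,  $key, tokenContext($userId, 'oauth_token')),
        sealToken($secret, $key, tokenContext($userId, 'oauth_token_secret')),
    ]);
}

// Load and decrypt them again; null if the row is missing or either value is bad.
function fetchUserTokens(PDO $db, string $key, int $userId): ?array
{
    $stmt = $db->prepare('SELECT oauth_token, oauth_token_secret FROM twitter_tokens WHERE user_id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $token  = openToken($row['oauth_token'],        $key, tokenContext($userId, 'oauth_token'));
    $secret = openToken($row['oauth_token_secret'], $key, tokenContext($userId, 'oauth_token_secret'));
    if ($token === null || $secret === null) {
        return null;
    }
    return ['oauth_token' => $token, 'oauth_token_secret' => $secret];
}

// Offline self-check: a throwaway key file and an in-memory SQLite database
// standing in for MySQL, with constructed sample tokens.
if (PHP_SAPI === 'cli') {
    $keyFile = tempnam(sys_get_temp_dir(), 'tk');
    file_put_contents($keyFile, base64_encode(sodium_crypto_aead_xchacha20poly1305_ietf_keygen()));
    chmod($keyFile, 0600);
    $key = loadTokenKey($keyFile);

    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE twitter_tokens (user_id INTEGER PRIMARY KEY, oauth_token TEXT, oauth_token_secret TEXT)');
    storeUserTokens($db, $key, 42, 'constructed-token', 'constructed-secret');
    var_dump(fetchUserTokens($db, $key, 42));

    // Copying one column's ciphertext over the other is caught by the context check.
    $db->exec('UPDATE twitter_tokens SET oauth_token = oauth_token_secret WHERE user_id = 42');
    var_dump(fetchUserTokens($db, $key, 42));

    sodium_memzero($key);
    unlink($keyFile);
}
```

Run from the CLI, the first `var_dump` prints the two constructed tokens back and the second prints `NULL`, because the swapped column no longer matches the context string it was sealed under. Only the token-encryption key and the per-row data are handled here; the consumer key, consumer secret and database credentials the post keeps in plain files outside the web root would be loaded the same way as the key file, with the same permission check.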