Some security questions

[piotrekxxxxxx]

Hi,

 

I have few questions regarding security:

MySQL

- what is the best place to create a table with user's details (including passwords), I mean would it be the same database as the other tables used on particular website, or better to create another DB

- how secure is mySQL - if I create user ID used to create accounts/validate logons, how possible is somebody will get this detail

 

others:

- what is the best method of payment can be added on website, I mean secure at first place, then easy to code. I was thinking about PayPal, but I am not sure if this will not stop potencial customers from doing business as this is another account to be created. Is there any easy and secure way of adding credit card payment on the website?

 

I am not complete novice, but I have never been thinking about security like this as I did not have a need. I would appreciate some kind of pointing me out in right direction with this.

[Eiolon]

There is a lot to consider for security, MySQL is only a small portion of your concern.  It doesn't matter if you make MySQL itself unhackable, you still have to consider PHP security, Apache or IIS security, operating system security and then the front-end code security.  All these things interact with MySQL and if someone finds an exploit in just one of those they can make MySQL think it's being legitamently accessed.

 

My advice is, if you don't want to put in the time to learn all of that, and since you are dealing with sensitive information, you should hire a professional.