dcyuri7 Posted March 13, 2006 Share Posted March 13, 2006 I'm new to mysql/web interaction, but I keep getting the feeling that it is in some way "hackable". I mean... the username and password to access the db on my site are directly placed within the .php file that uses the data.Does anyone have any tips or reccomendations as far as security with access goes? Quote Link to comment Share on other sites More sharing options...
wickning1 Posted March 13, 2006 Share Posted March 13, 2006 The MySQL server should only be accepting connections from your web server. This is part of MySQL's user management. If you do not own the server, ask the owner to secure it for you.That way even if someone knows the user name and password, he still can't get in. Also it should be fairly difficult to get access to your PHP source. An attacker would have to get into the web server first. Quote Link to comment Share on other sites More sharing options...
fenway Posted March 13, 2006 Share Posted March 13, 2006 Agreed -- anything on the server is only as secure as your FTP/SSH passwords, depending on how you access it. And typically, MySQL will only allow localhost connections. If you're on a shared host, they usually only have a single MySQL server running, but their pretty good about keeping access to you DB limited to your account (though it might be possible to see the name of your DB). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.