dcyuri7 Posted March 13, 2006 Share Posted March 13, 2006 I'm new to mysql/web interaction, but I keep getting the feeling that it is in some way "hackable". I mean... the username and password to access the db on my site are directly placed within the .php file that uses the data.Does anyone have any tips or reccomendations as far as security with access goes? Link to comment https://forums.phpfreaks.com/topic/4809-security-issues/ Share on other sites More sharing options...
wickning1 Posted March 13, 2006 Share Posted March 13, 2006 The MySQL server should only be accepting connections from your web server. This is part of MySQL's user management. If you do not own the server, ask the owner to secure it for you.That way even if someone knows the user name and password, he still can't get in. Also it should be fairly difficult to get access to your PHP source. An attacker would have to get into the web server first. Link to comment https://forums.phpfreaks.com/topic/4809-security-issues/#findComment-16976 Share on other sites More sharing options...
fenway Posted March 13, 2006 Share Posted March 13, 2006 Agreed -- anything on the server is only as secure as your FTP/SSH passwords, depending on how you access it. And typically, MySQL will only allow localhost connections. If you're on a shared host, they usually only have a single MySQL server running, but their pretty good about keeping access to you DB limited to your account (though it might be possible to see the name of your DB). Link to comment https://forums.phpfreaks.com/topic/4809-security-issues/#findComment-17109 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.