Jump to content


Security Issues

  • Please log in to reply
2 replies to this topic

#1 dcyuri7

  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 13 March 2006 - 07:09 AM

I'm new to mysql/web interaction, but I keep getting the feeling that it is in some way "hackable". I mean... the username and password to access the db on my site are directly placed within the .php file that uses the data.

Does anyone have any tips or reccomendations as far as security with access goes?

#2 wickning1

  • Members
  • PipPipPip
  • Advanced Member
  • 405 posts

Posted 13 March 2006 - 02:16 PM

The MySQL server should only be accepting connections from your web server. This is part of MySQL's user management. If you do not own the server, ask the owner to secure it for you.

That way even if someone knows the user name and password, he still can't get in. Also it should be fairly difficult to get access to your PHP source. An attacker would have to get into the web server first.

#3 fenway

  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 13 March 2006 - 07:41 PM

Agreed -- anything on the server is only as secure as your FTP/SSH passwords, depending on how you access it. And typically, MySQL will only allow localhost connections. If you're on a shared host, they usually only have a single MySQL server running, but their pretty good about keeping access to you DB limited to your account (though it might be possible to see the name of your DB).
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users