Jump to content

Archived

This topic is now archived and is closed to further replies.

dcyuri7

Security Issues

Recommended Posts

I'm new to mysql/web interaction, but I keep getting the feeling that it is in some way "hackable". I mean... the username and password to access the db on my site are directly placed within the .php file that uses the data.

Does anyone have any tips or reccomendations as far as security with access goes?

Share this post


Link to post
Share on other sites
The MySQL server should only be accepting connections from your web server. This is part of MySQL's user management. If you do not own the server, ask the owner to secure it for you.

That way even if someone knows the user name and password, he still can't get in. Also it should be fairly difficult to get access to your PHP source. An attacker would have to get into the web server first.

Share this post


Link to post
Share on other sites
Agreed -- anything on the server is only as secure as your FTP/SSH passwords, depending on how you access it. And typically, MySQL will only allow localhost connections. If you're on a shared host, they usually only have a single MySQL server running, but their pretty good about keeping access to you DB limited to your account (though it might be possible to see the name of your DB).

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.