If your client's friend wants to do learning/development, let him load PHPTriad, FoxServ, or one of the other trinity setups onto his computer. It is truly remarkable that you/your company would even consider such a request for longer than it takes to say: Never in a million years. Also, if I were running security at your site, I would closely monitor that client's activities on the system assuming that's how you are set up. That is a loose cannon out there. Doug On Mon, 10 Feb 2003 10:29:18 -0600, Terry Romine wrote: >I'd like to get some opinions from the list. > >We run php/mysql on our linux servers located behind a firewall. Many >of our clients have scripts that access their databases via php running >on the hosting server, and the general access is set up as: > > $hostname = "localhost"; > $database = "clientsDB"; > $username = "client"; > $password = "********"; > > etc.. > >One of our clients has a friend who wants to do some php/mysql and has >asked for access to the database. We gave them the information above, >and he complains that "localhost" is insufficient. We think that if he >is requesting "servername.domain.net:accessPort" that that gives him >access through the firewall. Instead, he should upload his scripts >using ftp and use localhost, as all our other clients do. > >What is the general consensus? > >If giving an outsider this kind of access just asking for trouble? > >Terry -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
