[Fwd: Re: php, mysql security question]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oops.  For some reason my filter concluded your email was spam and it modifies the subject line.  I missed  cleaning the subject line on the first reply.  Here is is again in case others filter on that keyword.  I apologize for the double post and possible confusion.
\Doug

JeRRy wrote:
Hi,

I have a php, mysql security question.

You know how there is a way to enable/disable hot
linking to your images via CPanel to allow/disallow
people to link to your images from an external site? Well is there a way to allow/disable external sites
connecting to a mysql via PHP?


So is there a way to allow only localhost access to
the db's somehow?

I wonder this to add extra security to my db's and not
only that to educate others on this list if it is
possible or not.

Thanks for your time.

J

Even if your db server doesn't sit behind a firewall, you can always restrict what userid/password/address combinations can gain access to what DB / Tables / Columns and what functions they can perform (select, insert, update, etc.) in those areas using the MySQL administration features. I have different PHPUsers for my scripts that have varying levels of authorization to coincide with what the scripts need to do -- Select (read only), Update (can only revise existing records), Insert (can add new new records), etc. All the db_connect scripts are well_outside the public areas to minimize opportunities to compromise the userid/pw.


Start here: http://www.mysql.com/doc/en/Security.html

All of which forces the conclusion that this isn't a PHP issue at all.


DT


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux