Hudzilla.org - the homepage of Paul Hudson

17.1.7 Restrict general database access


MySQL's access control is very finely grained: you have a great deal of control over who can do what, so take advantage of it and allow in only the people you absolutely trust.

First, remove the guest (anonymous) account, leaving only the root user plus any others you actually use. Second, if the server and the PHP scripts that use it are on the same machine, nobody needs to connect from outside: disable any account whose host is not "localhost", and also consider blocking port 3306 (the MySQL port) on your firewall.
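The account clean-up described above, written out as MySQL statements. This is an added example, not code from the book; it assumes a MySQL 5.x-era grant table layout (mysql.user with User and Host columns), and the database name `shop` and account name `webapp` are constructed placeholders.

```sql
-- Run as the MySQL root user from the mysql command-line client.
-- Assumes MySQL 5.x: mysql.user holds one row per 'user'@'host' account.

-- 1. Find the anonymous ("guest") accounts: their User column is empty.
SELECT User, Host FROM mysql.user WHERE User = '';

-- 2. Find every account that may connect from somewhere other than localhost.
SELECT User, Host FROM mysql.user
 WHERE Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Remove the anonymous accounts, one DROP USER per row from step 1.
--    Installs of that era typically create ''@'localhost' and ''@'<hostname>'.
DROP USER ''@'localhost';
-- DROP USER ''@'your-hostname';   -- substitute each Host value step 1 returned

-- 4. Drop the remote-capable accounts you do not need (constructed example:
--    a script account that was allowed to connect from any host).
DROP USER 'webapp'@'%';

-- 5. Recreate the script account bound to localhost only, with just the
--    privileges the PHP scripts need on their own database (placeholder password).
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'CHANGE-ME';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'webapp'@'localhost';
FLUSH PRIVILEGES;

-- 6. Confirm that only root and localhost-bound accounts remain.
SELECT User, Host FROM mysql.user ORDER BY User, Host;
```

Blocking port 3306 at the firewall is a separate, host-level step that these statements do not perform.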


Comments from other readers
web hostee - 06 Sep 2008

For people who are using a web host instead of their own server:

Not all web hosts allow you to define database users. My current web host only gives me one user for my database, but another hosted web site I had access to did allow creation of database users. At the minimum, you should at least have one user for your scripts with limited permissions, and another user for tinkering around with the database.

My advice is to shop around for a web host who does allow you to have more than one database user.