Ok so I went through some things and made passwords more secure but still at a crossroads on some things. My shared hosting account at Godaddy does not grant me root user privileges to my db. So someone sending queries from my site has all the default privileges of MySQL 5.0. I was going to revoke all privileges except what the user needed minimally (likely just SELECT). I can't do that and even if I could, SELECT is still the danger, my main concern as a matter of fact.
So then I was thinking maybe I could provide security through the PHP script itself but after referring to Mike's post above, I realized no matter how possibly tight the script was, an attacker could write their own: "it's almost certainly possible for people to write PHP scripts that send such requests directly to that URL, so they could serve your data to their Javascript client." Now I believe I need protection on the server side but being on the shared hosted account I am not the Server administrator, nor will Godaddy bend to requests of changes. I believe if somebody ultimately wanted my whole database they could get at it in one request if they wrote their own script. I have a friend that hosts and he could probably help me with server side protection, maybe I will switch to him. I will also put up a copyright and live statement on how I feel about copying my data, plus insert sneaky points of data. Is that how you feel too? I need server side protection, to keep the whole of my database from being copied. That is exclusively what I'm worried about, my database being copied. Thank you everybody for your time. On Sep 28, 10:42 pm, Lan Mind <[EMAIL PROTECTED]> wrote: > I've signed up for Google Analytics and enabled the "Site Search" > feature but am not sure if that will do in my case. I hope it picks up > the queries sent by the PHP so I can see them. I'm not sure if it'll > work because it seems the "Site Search" feature is aimed at site > specific search engines eg: A Google search box on a personal site. > > https://www.google.com/support/googleanalytics/bin/answer.py?answer=9... > > On my site PHP is sending queries to the MySQL db. > > Ty everybody, I'll be asking about code related to this db security in > later installments! : ) > > On Sep 28, 11:05 am, Lan Mind <[EMAIL PROTECTED]> wrote: > > > Ok, it is a shared hosted account so it likely is that. > > > On Sep 28, 6:42 am, "maps.huge.info [Maps API Guru]" > > > <[EMAIL PROTECTED]> wrote: > > > You should look at your web logs for information about hits against > > > your site, not a MySQL statistic. Like Marcelo said, it could be a > > > combined number from multiple sites, a site log will tell you exactly > > > what traffic you're getting, from who and what they are up to. > > > > -John Coryat > > > >http://maps.huge.info > > > >http://www.usnaviguide.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
