If your client's friend wants to do learning/development, let him load
PHPTriad, FoxServ, or one of the other trinity setups onto his
computer.

It is truly remarkable that you/your company would even consider such a
request for longer than it takes to say: Never in a million years.

Also, if I were running security at your site, I would closely monitor
that client's activities on the system assuming that's how you are set
up.  That is a loose cannon out there.

Doug

On Mon, 10 Feb 2003 10:29:18 -0600, Terry Romine wrote:

>I'd like to get some opinions from the list.
>
>We run php/mysql on our linux servers located behind a firewall. Many 
>of our clients have scripts that access their databases via php running 
>on the hosting server, and the general access is set up as:
>
>       $hostname = "localhost";
>       $database  = "clientsDB";
>       $username = "client";
>       $password = "********";
>
>       etc..
>
>One of our clients has a friend who wants to do some php/mysql and has 
>asked for access to the database. We gave them the information above, 
>and he complains that "localhost" is insufficient. We think that if he 
>is requesting "servername.domain.net:accessPort" that that gives him 
>access through the firewall. Instead, he should upload his scripts 
>using ftp and use localhost, as all our other clients do.
>
>What is the general consensus?
>
>If giving an outsider this kind of access just asking for trouble?
>
>Terry



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to