I have a php, mysql security question.
You know how there is a way to enable/disable hot
linking to your images via CPanel to allow/disallow
people to link to your images from an external site? Well is there a way to allow/disable external sites
connecting to a mysql via PHP?
So is there a way to allow only localhost access to the db's somehow?
I wonder this to add extra security to my db's and not only that to educate others on this list if it is possible or not.
Thanks for your time.
Even if your db server doesn't sit behind a firewall, you can always restrict what userid/password/address combinations can gain access to what DB / Tables / Columns and what functions they can perform (select, insert, update, etc.) in those areas using the MySQL administration features. I have different PHPUsers for my scripts that have varying levels of authorization to coincide with what the scripts need to do -- Select (read only), Update (can only revise existing records), Insert (can add new new records), etc. All the db_connect scripts are well_outside the public areas to minimize opportunities to compromise the userid/pw.
Start here: http://www.mysql.com/doc/en/Security.html
All of which forces the conclusion that this isn't a PHP issue at all.
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php