Oops.  For some reason my filter concluded your email was spam and it modifies the 
subject line.  I missed  cleaning the subject line on the first reply.  Here is is 
again in case others filter on that keyword.  I apologize for the double post and 
possible confusion.

JeRRy wrote:

I have a php, mysql security question.

You know how there is a way to enable/disable hot
linking to your images via CPanel to allow/disallow
people to link to your images from an external site? Well is there a way to allow/disable external sites
connecting to a mysql via PHP?

So is there a way to allow only localhost access to
the db's somehow?

I wonder this to add extra security to my db's and not
only that to educate others on this list if it is
possible or not.

Thanks for your time.


Even if your db server doesn't sit behind a firewall, you can always restrict what userid/password/address combinations can gain access to what DB / Tables / Columns and what functions they can perform (select, insert, update, etc.) in those areas using the MySQL administration features. I have different PHPUsers for my scripts that have varying levels of authorization to coincide with what the scripts need to do -- Select (read only), Update (can only revise existing records), Insert (can add new new records), etc. All the db_connect scripts are well_outside the public areas to minimize opportunities to compromise the userid/pw.

Start here: http://www.mysql.com/doc/en/Security.html

All of which forces the conclusion that this isn't a PHP issue at all.


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to