> up until now! Dumb now I realize, thanks for pointing that out. I've
> created a new root pwd, and created a user with access only to the "alumni"

If you want to be super secure you should create several users. One for SELECTing, one for INSERTing, etc. Juggling resource handles gets tricky though.

But basically the idea is this: If a user or viewer of your site can figure out what you're using to select from / whatever in the database, they may try passing a query into the database. For instance, if you were using a form for email, a user might type in the following

Email: "; DROP TABLE *;

You'd basically lose your database (and any other databases if you're using your root account!). So you should check all input from the user so that all "s are escaped and all 's are escaped, etc.

Also, limiting permissions helps. For instance, if one user is used for SELECTs then a hacker could not drop a database. Same goes with other things.

Just some things to think about. There are many many more things you should be doing, but they're too extensive to list here.

-Dan
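
Added example, not part of Dan's message: the two measures he describes, shown together in PHP with PDO. It assumes SQLite as a stand-in for MySQL so that it runs without a server; the `members` table, the `findByEmail` function and the account names in the comments are hypothetical.

```php
<?php
// Added example. A read-only SQLite handle stands in for a SELECT-only account.
// On MySQL the split would be two accounts, e.g. (hypothetical names):
//   GRANT SELECT ON alumni.* TO 'alumni_read'@'localhost';
//   GRANT INSERT ON alumni.* TO 'alumni_write'@'localhost';
$path = tempnam(sys_get_temp_dir(), 'alumni');   // constructed sample database
$opts = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];

// Setup handle: creates the schema and one constructed row, then is closed.
$setup = new PDO("sqlite:$path", null, null, $opts);
$setup->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$setup->prepare('INSERT INTO members (email) VALUES (?)')->execute(['dan@example.com']);
$setup = null;

// Read handle: the only one the lookup page gets.
$reader = new PDO("sqlite:$path", null, null,
    $opts + [PDO::SQLITE_ATTR_OPEN_FLAGS => PDO::SQLITE_OPEN_READONLY]);

// The form value is bound as data; it never becomes part of the SQL text,
// so quotes in it need no hand-written escaping.
function findByEmail(PDO $db, string $email): array
{
    $stmt = $db->prepare('SELECT id, email FROM members WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$fromForm = '"; DROP TABLE *;';   // the form input quoted in the message above
echo 'rows for a known address: ', count(findByEmail($reader, 'dan@example.com')), "\n";
echo 'rows for the quoted input: ', count(findByEmail($reader, $fromForm)), "\n";

// Second layer: a write that does reach the engine is refused on this handle.
try {
    $reader->exec('DROP TABLE members');
    echo "write accepted\n";
} catch (PDOException $e) {
    echo 'write refused: ', $e->getMessage(), "\n";
}

echo 'rows still in table: ',
    (int) $reader->query('SELECT COUNT(*) FROM members')->fetchColumn(), "\n";

$reader = null;
unlink($path);   // remove the constructed database file
```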