MySQL Forums
Forum List  »  Newbie

Actual Newbie Question with mysql connect
Posted by: Michael Ross
Date: August 29, 2009 12:41PM

Thank you all for helping in advance. You may want to strangle me by the end of this circuitous question. Please speak slowly in small words on the response, cause this stuff is hard!

I am trying create a website that uses php to connect to a mysql database to view some of my awesome database content. At this point, I dont want no crazy hackers to do anything to my awesome content except to view it. For mysql connect, do I supply root username/password directly into php code? That feels like a bad idea. I am using Network Solutions as my hosting provider. This simple question points out my entire lack of coolness and understanding as I realize. So, lets continue with some more questions that may make me (and others) smarter.

If I create a database and then attempt to create a user for that database, where does that username/password go? Could I create a database user to use for my mysql connect connection to server? At this point just for viewing. But then, whatsay I would like to then create a database that is protected by a username and password (that has been salted, md5'ed x 10 and sha'ed till its blue in the face). I imagine their would be at the database level another database or table with the username and passwords right, but what about their intiial connection to the server? How does that work with connecting to the server? Would each person, regardless of their own username and password, connect to the mysql server initially with either the root or the watered down database user created?

I've been on zend.com and listened to their webinars, read up some about mysql inject, checking variables, etc. enough to have built up a rabid fear over the subject, but it feels that just getting out of the gates I'm giving away my root username and password. Everyone references placing the information for the server connection outside of the viewable root, but I dont think network solutions will allow me to do that. I've tred php.net, zend, w3schools, but they primarily give demos on working with local host, or blow by the php connect issue as it relates to the anonymous web browser and security, this may be because it is just that straight forward that chief little brain here can't grasp. Is it because php files are really not supposed to be "source" viewable? just one last question with that.. Are they really not source viewable? my host does have errors turned off, so that helps, so I guess you're not supposed to be allowed at the web server level to download php files for the viewing, is that how it works?

Thanks again. If you made it to this point, you need an award. I really do appreciate all the awesome work you guys are doing out there. It is a subject that fascinates me, and though I chose different career path, I still love engaging in this stuff.

Options: ReplyQuote


Subject
Written By
Posted
Actual Newbie Question with mysql connect
August 29, 2009 12:41PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.