I am about to start building a site with MySQL/PHP.
I want the database to be accessed both from outside a firewall (from any computer on the internet) but also from behind a firewall.

My idea is to have two different users that can gain access to the database through PHP (mysql_connect). One user (on the pages accessed from the outside) should only have SELECT privileges. This means that the pages I create can only be of the type that provides information FROM the database. But that's perfectly OK.

But on the inside I will have a user that (on some pages) can also UPDATE, DELETE and INSERT. I will have admin-pages that can edit data in the database here.

I am not a security expert but it sounds pretty secure to me. I understand that a hacker may be able to force SQL-injections from the outside that can SELECT data that I don't want him to see. And I will of course add mysql_real_escape_string etc to prevent that. But can he also in some way edit the database although there are no pages that have any other privileges than SELECT?

What more should I consider doing?



Edited 1 time(s). Last edit at 02/06/2011 03:32AM by Max Cheenten.