MySQL Forums

Re: database security
Posted by: Collins Abah
Date: March 29, 2005 08:22AM

You must make sure that the code you use to store your connection to the database is in a secure place. The first, best step is to disable your FTP access for uploading and downloading, because hackers can hack your FTP account, get into your server files and then read the server code (PHP, ASP, CGI) which you use to connect to your database, and then make a connection from a foreign IP into your database. That leads us to step 2: make sure that you don't use your superglobal user account for accessing your database and tables. Create a new account that can only connect through localhost and perform these main operations:

GRANT SELECT, DELETE, INSERT, UPDATE, LOCK TABLES
ON *.* TO user@localhost IDENTIFIED BY 'password';

Step 3: Filter your user data before accepting it into your database, because some of it may be SQL injections that they can use to get information about your database.

Escape your data with MYSQL_ESCAPE_STRING(); then, if you are using PHP for your application, use the escapeshellcmd() and escapeshellarg() functions to avoid arbitrary commands and arguments to your database from user input.

Hope this will help, at least for a start.
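
Added example, not part of the original post: a small Python check for step 2 that reads `SHOW GRANTS` output and reports accounts that may connect from somewhere other than localhost or that hold privileges beyond the five in the GRANT above. The sample lines, the `audit_grants` name, and the treatment of loopback addresses and `USAGE` as acceptable are assumptions made for this illustration.

```python
import re

# Privileges the post gives the application account; USAGE means "no privileges".
ALLOWED = {"SELECT", "DELETE", "INSERT", "UPDATE", "LOCK TABLES", "USAGE"}
# Assumption: loopback literals count as "localhost" for this check.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Matches both `user`@`host` (newer servers) and 'user'@'host' quoting.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>.+?)\s+TO\s+"
    r"[`'\"]?(?P<user>[^`'\"@]*)[`'\"]?@[`'\"]?(?P<host>[^`'\"\s]*)[`'\"]?"
    r"(?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grants(lines):
    """Return (account, problem) tuples for grants that break the post's step 2."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # not a privilege grant line (for example a role grant)
        account = f"{m['user']}@{m['host']}"
        privs = re.sub(r"\([^)]*\)", "", m["privs"])  # drop column lists
        privs = {p.strip().upper() for p in privs.split(",") if p.strip()}
        extra = sorted(privs - ALLOWED)
        if m["host"].lower() not in LOCAL_HOSTS:
            findings.append((account, f"remote host allowed: {m['host']}"))
        if extra:
            findings.append((account, "extra privileges: " + ", ".join(extra)))
        if "GRANT OPTION" in m["rest"].upper():
            findings.append((account, "can pass privileges on (WITH GRANT OPTION)"))
    return findings

# Constructed SHOW GRANTS output, not taken from a real server.
SAMPLE = [
    "GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES ON *.* TO `user`@`localhost`",
    "GRANT ALL PRIVILEGES ON *.* TO `root`@`%` WITH GRANT OPTION",
    "GRANT SELECT, INSERT ON `shop`.* TO 'report'@'10.0.0.5'",
]

if __name__ == "__main__":
    for account, problem in audit_grants(SAMPLE):
        print(f"{account}: {problem}")
```

Feed it one line per row of `SHOW GRANTS FOR ...` for each account on the server; an empty result means every parsed grant stays within the limits described in step 2.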
