Re: database security
You must make sure that the code you use to store your connection to the database is in a secure place. The first best step is to disable your FTP access for uploading and downloading, because hackers can hack your FTP account, get into your server files, and then read your server code (PHP, ASP, CGI) which you use to connect to your database, and then make a connection from a foreign IP into your database. That leads us to step 2: make sure that you don't use your superglobal user account for accessing your database and tables. Create a new account that can only connect through localhost and perform these main operations:
GRANT SELECT, DELETE, INSERT, UPDATE, LOCK TABLES
ON *.* TO user@localhost IDENTIFIED BY 'password';
Step 3: Filter your user data before accepting it into your database, because some of it may be SQL injections that they can use to get information from your database.
Escape your data with MYSQL_ESCAPE_STRING(); then, if you are using PHP for your application, use the escapeshellcmd() and escapeshellarg() functions to avoid arbitrary commands and arguments to your database from user input.
Hope this will help, at least for a start.
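Step 2 of the post above, turned into a check (an added example, not part of the original post): this Python script audits lines of MySQL `SHOW GRANTS` output against the post's policy of a localhost-only account limited to the listed privileges. The sample grant lines are constructed, and the function and constant names are hypothetical.

```python
import re

# Policy from the post: localhost only, these privileges (USAGE = none).
ALLOWED_PRIVS = {"SELECT", "DELETE", "INSERT", "UPDATE", "LOCK TABLES", "USAGE"}
ALLOWED_HOSTS = {"localhost"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"['`]?(?P<user>[^'`@]*)['`]?@['`]?(?P<host>[^'`\s]*)['`]?(?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grant(line):
    """Return a list of findings for one SHOW GRANTS output line."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        return ["unparsed line, review by hand"]
    findings = []
    # Drop column lists such as SELECT (id, name) before splitting on commas.
    privs_text = re.sub(r"\([^)]*\)", "", m.group("privs"))
    privs = {p.strip().upper() for p in privs_text.split(",") if p.strip()}
    extra = sorted(privs - ALLOWED_PRIVS)
    if extra:
        findings.append("privileges beyond the application set: " + ", ".join(extra))
    if m.group("host").lower() not in ALLOWED_HOSTS:
        findings.append("account can connect from host '%s'" % m.group("host"))
    if "WITH GRANT OPTION" in m.group("rest").upper():
        findings.append("account can pass its privileges on (WITH GRANT OPTION)")
    return findings

def audit(lines):
    """Map each offending GRANT line to its findings; clean lines are omitted."""
    report = {}
    for line in filter(str.strip, lines):
        findings = audit_grant(line)
        if findings:
            report[line.strip()] = findings
    return report

# Constructed sample input in the shape SHOW GRANTS prints.
SAMPLE_GRANTS = [
    "GRANT SELECT, DELETE, INSERT, UPDATE, LOCK TABLES ON *.* TO 'user'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION",
    "GRANT SELECT, FILE ON *.* TO `report`@`10.0.0.5`",
    "GRANT SELECT (id, name), UPDATE ON shop.orders TO 'app'@'localhost'",
]

if __name__ == "__main__":
    for line, findings in audit(SAMPLE_GRANTS).items():
        print(line, "->", "; ".join(findings))
```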