MySQL Forums

Re: Db access/privileges philosophy
Posted by: Rick James
Date: November 22, 2011 09:29PM

> Ok, I admit I can't follow you here clearly: if a hacker gets in... where?
I was thinking about SQL-injection. Limiting the privileges on the login that is used by PHP limits how much damage he could do. Think of it this way... avoiding root in the PHP script is one more layer of protection.

> Can't do that unfortunately... the users are not all in house...
Yes you can. The PHP code does the connecting, not the user.

> Anyhow it seems to me that the bottom-line is: limit access to your db via MySQL mechanism as much as possible (i.e. so far you can push it without removing functionalities you need) and ALSO implement these limitations - and eventually a finer set of rules - in the PHP application.
Yes.

I would say you have a better handle on what to do than most people who come to this forum.
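
One way the reply's advice of limiting the privileges on the login used by PHP can look in MySQL, as an added example that is not part of the original post. The `shop` schema, its tables, and the `webapp` account are hypothetical names constructed for illustration.

```sql
-- Constructed sample schema; all names below are hypothetical.
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.customers (
  id            INT AUTO_INCREMENT PRIMARY KEY,
  email         VARCHAR(255) NOT NULL,
  password_hash VARCHAR(255) NOT NULL
);
CREATE TABLE IF NOT EXISTS shop.orders (
  id          INT AUTO_INCREMENT PRIMARY KEY,
  customer_id INT NOT NULL,
  total       DECIMAL(10,2) NOT NULL
);

-- Dedicated account for the PHP code. The PHP script connects with it;
-- end users never hold MySQL credentials. 'localhost' assumes the web
-- server and MySQL share a host; otherwise name the web server's host.
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'replace-with-generated-secret';

-- Grant per table, and only the statements the application issues.
-- Assumption: the app reads and writes orders, and reads and adds customers.
GRANT SELECT, INSERT, UPDATE ON shop.orders    TO 'webapp'@'localhost';
GRANT SELECT, INSERT         ON shop.customers TO 'webapp'@'localhost';

-- Deliberately absent: DELETE, DROP, ALTER, CREATE, FILE, GRANT OPTION,
-- and any privilege on the mysql system schema. A statement injected
-- through the PHP layer runs with these limits and nothing more.

-- Check 1: confirm what the account actually holds.
SHOW GRANTS FOR 'webapp'@'localhost';

-- Check 2: list every account with a global (*.*) privilege.
-- The application account should not appear in this result.
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type <> 'USAGE'
ORDER BY grantee;
```

The grants cap what a successful injection can reach; the finer per-user rules mentioned in the thread still have to be enforced in the PHP application.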
