December 15th, 2013, 10:58 AM
Making An Installation
So, I am making a script that involves the user to go through a site installation.
I need the user to input there MySQL details in order to connect, but where do I store their MySQL details. I can't store their MySQL details in MySQL itself because when they are connecting to MySQL once they have installed, there is no way the system could connect to SQL because the information is inside MySQL and it cant get the right information to connect.
December 15th, 2013, 11:37 AM
you store the data in a file as JSON, YAML, XML or whatever format you like best.
December 16th, 2013, 09:10 AM
There's two ways to go about this:
1) Your script's installation instructions contain copy/pastable commands that the user can paste into MySQL to create you a database, user, permissions, etc. Then your installer script uses that user/pass to create all its tables and lines. This has a security problem in that the password is always the same. You can mitigate that by telling the user to create their own secure/random password when creating the user, then have them put that password manually into a file in your script, or accept it as form input during the next step.
2) Accept their mysql root username and password (or some other account with create database, create user, and grant permissions) into a form input, then use that to create yourself a database, its tables, your app's username and password, and appropriate permissions. Then discard their credentials and only use your own from then on. This may make people nervous, giving your script access to a powerful database user. However, it also means you can use a random password that's unique to every installation so every copy of your script in the world isn't easy to break into. Many frameworks and CMSes work like this.
Last edited by ManiacDan; December 17th, 2013 at 09:16 AM.
HEY! YOU! Read the New User Guide and Forum Rules
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002
Think we're being rude? Maybe you asked a bad question
or you're a Help Vampire.
Trying to argue intelligently? Please read this.
December 16th, 2013, 12:51 PM
No, you never give root access to any script. This allows the script to read or change any data in any database, create "backdoors" etc. No PHP script is that trustworthy, especially if you've downloaded it somewhere from the Internet (as your users will have).
Instead, do what all current applications do: You ask the user to provide a database and a user with sufficient permissions (CREATE TABLE etc.). And then you create the tables and store the credentials in some text file.
For extra security, the application user may remove the unnecessary rights after the installation procedure.
Last edited by Jacques1; December 16th, 2013 at 12:53 PM.