#1
    database and php security


    I am a web hosting reseller and I have a possible client asking about security for his data stored in a MySQL database and accessed by php. This data will be from a small county government and will only contain public documents.

    Each domain on my host gets its own database but no control over the database installation so I really don't know - besides the version - what I'm looking at.

    I know to use phpinfo file to get that info. I know that the databases are all accessed via localhost, php 4.2.3 is operating in safe mode and the mysql version is 3.23.39.

    What else can I tell about the possible security problems with this system by looking at the info file?

    Secondly, I use a wide variety of php open source code on this server and I have no earthly idea how safe this stuff is. I am no programmer but I'm learning fast how to work with already made files.

    Please, some words of advice!
#2
    You can restrict access to the MySQL server to either localhost or the webservers. If it is possible, I would recommend using SSL to run your scripts.
#3
    Okay, localhost is what is happening. I can go to SSL as well when accessing and using the admin functions. Anybody else got words of wisdom? Thank you, Victor
#4
    > Each domain on my host gets its own database but no control over the database installation so I really don't know - besides the version - what I'm looking at.

    What are you looking for?

    > I know to use phpinfo file to get that info. I know that the databases are all accessed via localhost, php 4.2.3 is operating in safe mode and the mysql version is 3.23.39.

    Both PHP and MySQL can be upgraded to more recent (and probably more secure) versions, as you are not running the latest stable version of either.

    > What else can I tell about the possible security problems with this system by looking at the info file?

    Probably not a great deal. The security of each aspect of your system would need to be analysed by a professional in order to highlight areas of weakness.

    > Secondly, I use a wide variety of php open source code on this server and I have no earthly idea how safe this stuff is. I am no programmer but I'm learning fast how to work with already made files.

    Since PHP runs with the privileges of the web server, this limits the amount of damage it can do to the amount of damage that the "nobody" user can do - however this depends very much on what this user can do with regards to reading and writing files. For example, users can overwrite each other's files via PHP if their permissions are 777.
    Alex
    (http://www.alex-greg.com)
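
The point in the last reply, that files left at 777 can be overwritten by other users' PHP scripts, can be checked on a hosting account with shell access. The script below is an added example, not code from anyone in the thread; the function names and the sample directory tree are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): list entries under a web root that any
# local account, including the web server's own user, is allowed to modify.

# Regular files with the "other" write bit set (modes such as 666 or 777).
world_writable_files() {
    find "$1" -type f -perm -0002 -print
}

# Directories writable by "other" and lacking the sticky bit: any account can
# delete or replace the files inside, whatever those files' own modes are.
world_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Report on docroot $1. Returns 0 if clean, 1 on findings, 2 on a bad path.
audit_docroot() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    report=$(
        world_writable_files "$1" | sed 's/^/FILE /'
        world_writable_dirs "$1" | sed 's/^/DIR  /'
    )
    if [ -z "$report" ]; then
        echo "OK: nothing under $1 is world-writable"
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree (hypothetical site names) for an offline run.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/site_a" "$d/site_b" "$d/uploads"
    touch "$d/site_a/index.php" "$d/site_b/config.php"
    chmod 755 "$d/site_a"; chmod 644 "$d/site_a/index.php"
    chmod 777 "$d/site_b" "$d/site_b/config.php"
    chmod 1777 "$d/uploads"
    audit_docroot "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With a path argument audit that path; otherwise show the sample run.
if [ $# -gt 0 ]; then
    audit_docroot "$1"
else
    demo || :
fi
```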
