Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
November 8, 2005, 5:46 pm
rate this thread
For security and load balancing, we're going to be moving the mySQL
server to another box.
We're already using a single included connection file in all of our PHP
pages that has the server, username, password line that connects to the
Aside from changing "localhost" to the IP/port number of the new
server, what else should be done, especially in the security sense?
If someone were to hack and be able to get access to view files, they
could open that file and see the username/password. Is there some way
to encrypt it or something?
So far the only thing I can think of to help limit that file's exposure
is to place it outside the /var/www/htdocs folder region. And of course
make sure the mySQL account it's connecting to has only the mySQL
permissions it needs.
Thanks for any advice!
Re: connecting to seperate mySQL server through PHP
For security purposes, this file should be *OUTSIDE* the document
root. If PHP is broken (say, during an upgrade if you didn't shut
down Apache, or if filesystem damage during a power failure screws
up one of the libraries), it's outside the document tree, so Apache
won't display it. If PHP is not broken, it will run it, not display
The file needs to be readable by the user Apache and PHP run as,
but should not be readable by others who can log in to the box,
I suggest the possibility of multiple logins with different privileges,
although this doesn't directly help your concern. In particular,
probably a lot of your web pages can function with read-only access
to the database.
You need to GRANT privileges so your web server can access the database.
It would be a good idea to firewall the DB server so the whole world
can't get to the MySQL port, if only to load it down trying a futile
dictionary attack. And no, I'm not talking about MySQL permissions
here, although you set those carefully also.
You need the real password to access the database. If an encrypted
password works to access the database, then it *IS* the real password.
It's very difficult to deal with this if you are on a shared server
with people you don't trust (your competitors who are also customers
of your host).
Gordon L. Burditt