By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,665 Members | 1,363 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,665 IT Pros & Developers. It's quick & easy.

Problem regarding Confining a user for securing MYSQL

omerbutt
100+
P: 638
hi every one I am A new Bee to php mysql and i was surfing through the net to learn about how to secure the mysql when you are working in a web environment while working with php html and javascript i came through this article
http://articles.techrepublic.com.com/5100-6350_11-5287638.html
and before i proceede i must tell you that iam using win xp professional sp2

where were given two main and very first step before you start making your program or start using your database
the first stepDefine your Users was alright i got that and did it but when i reached
the second step Confine your users i was confused to how to run my database in chrooted environment i mean i have installed XAMP and i have installed it onother than c:\ drive but how can i "Remove the Everyone group, add the MySQL group, and give full control to the directory structure."
isnt this thing the one that i did in the first step creating the user, what I dont think so ,here is the second step
Confine your users

Allowing a remote user to run a process on your server is inherently dangerous, but it happens every time you open a Web page or run a network application. The key to securing this remote access is limiting the local resource structure to a specific user process.

You can confine remote access to MySQL by running your database in a chroot environment. (Chroot changes the root directory and restricts a process to an isolated subset of the file system.)

[b]Windows Server 2000 or Windows Server 2003[b]
Follow the installation instructions, and install the database on a separate drive from your system drive (typically C:). Remove the Everyone group, add the MySQL group, and give full control to the directory structure.

If your database is colocated on your Web server, you need to disable access to TCP port 3306. This eliminates direct attacks from remote connections.
thanks for any help in this regard, and would be higly appreciated
regards omer
Mar 8 '08 #1
Share this Question
Share on Google+
4 Replies


ronverdonk
Expert 2.5K+
P: 4,258
You are double posting!! with thread hi,][quote=mageswar005]hi, , Changing the thread title does not help to avoid this. Do not do this again. The new thread will be removed.

moderator
Mar 14 '08 #2

omerbutt
100+
P: 638
[quote=ronverdonk]You are double posting!! with thread hi,]
hi,
, Changing the thread title does not help to avoid this. Do not do this again. The new thread will be removed.

moderator
i apologise that but i thaught that i might have not given an appropriate topic name because of which there hasnt been any reply so far and as i could nit change the topic now so i thaught i might post it again with a better topic thats why.
but i would be careful next time ,
My apologies,
Omer Aslam.
Mar 15 '08 #3

ronverdonk
Expert 2.5K+
P: 4,258
Ok Omer, I understand and it is okay. See you.

Ronald
Mar 15 '08 #4

omerbutt
100+
P: 638
Ok Omer, I understand and it is okay. See you.

Ronald
:) thanks sir
regards,
omer
Mar 18 '08 #5

Post your reply

Sign in to post your reply or Sign up for a free account.