connecting to separate mySQL server through PHP

We currently have our mySQL server on the same box as the Apache
server.
For security and load balancing, we're going to be moving the mySQL
server to another box.
We're already using a single included connection file in all of our PHP
pages that has the server, username, password line that connects to the
database.

Aside from changing "localhost" to the IP/port number of the new
server, what else should be done, especially in the security sense?
If someone were to hack and be able to get access to view files, they
could open that file and see the username/password. Is there some way
to encrypt it or something?
So far the only thing I can think of to help limit that file's exposure
is to place it outside the /var/www/htdocs folder region. And of course
make sure the mySQL account it's connecting to has only the mySQL
permissions it needs.

Thanks for any advice!
Liam

Nov 8 '05 #1
>We currently have our mySQL server on the same box as the Apache
>server.
>For security and load balancing, we're going to be moving the mySQL
>server to another box.
>We're already using a single included connection file in all of our PHP
>pages that has the server, username, password line that connects to the
>database.

For security purposes, this file should be *OUTSIDE* the document
root. If PHP is broken (say, during an upgrade if you didn't shut
down Apache, or if filesystem damage during a power failure screws
up one of the libraries), it's outside the document tree, so Apache
won't display it. If PHP is not broken, it will run it, not display
it.

The file needs to be readable by the user Apache and PHP run as,
but should not be readable by others who can log in to the box,
except admins.

I suggest the possibility of multiple logins with different privileges,
although this doesn't directly help your concern. In particular,
probably a lot of your web pages can function with read-only access
to the database.

>Aside from changing "localhost" to the IP/port number of the new
>server, what else should be done, especially in the security sense?

You need to GRANT privileges so your web server can access the database.

It would be a good idea to firewall the DB server so the whole world
can't get to the MySQL port, if only to load it down trying a futile
dictionary attack. And no, I'm not talking about MySQL permissions
here, although you set those carefully also.

>If someone were to hack and be able to get access to view files, they
>could open that file and see the username/password. Is there some way
>to encrypt it or something?

You need the real password to access the database. If an encrypted
password works to access the database, then it *IS* the real password.

>So far the only thing I can think of to help limit that file's exposure
>is to place it outside the /var/www/htdocs folder region. And of course
>make sure the mySQL account it's connecting to has only the mySQL
>permissions it needs.

It's very difficult to deal with this if you are on a shared server
with people you don't trust (your competitors who are also customers
of your host).

Gordon L. Burditt
Nov 8 '05 #2
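
Added example, not part of the thread: a shell check for the advice in reply #2 that the connection file sit outside the document root and not be readable by other local users. It assumes GNU coreutils (`readlink -f`, `stat -c`); the function name `audit_db_include`, the file name `db.inc.php` and the temporary layout are made up for the demonstration.

```shell
#!/bin/sh
# Added example; assumes GNU coreutils (readlink -f, stat -c).
# audit_db_include FILE DOCROOT   (hypothetical helper name)
# Prints one line per finding. Returns the number of findings,
# or 3 if FILE is missing.
audit_db_include() {
    file=$1; docroot=$2; findings=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 3
    fi
    # Resolve symlinks on both sides: a link kept outside the document
    # root that points at a file inside it is still reachable by Apache.
    real_file=$(readlink -f -- "$file")
    real_root=$(readlink -f -- "$docroot")
    case "$real_file" in
        "$real_root"/*)
            echo "FAIL: $real_file is inside document root $real_root"
            findings=$((findings + 1)) ;;
    esac
    # The last octal digit of the mode is the permission set for "other".
    mode=$(stat -c '%a' -- "$real_file")
    other=${mode#"${mode%?}"}
    if [ "$other" != 0 ]; then
        echo "FAIL: mode $mode lets other local users access $real_file"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: $real_file (mode $mode)"
    return "$findings"
}

# Constructed layout: one include placed as advised, one placed badly.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/htdocs" "$t/private"
    echo '<?php /* placeholder, no real credentials */' > "$t/private/db.inc.php"
    chmod 640 "$t/private/db.inc.php"
    echo '<?php /* placeholder, no real credentials */' > "$t/htdocs/db.inc.php"
    chmod 644 "$t/htdocs/db.inc.php"
    audit_db_include "$t/private/db.inc.php" "$t/htdocs" || true
    audit_db_include "$t/htdocs/db.inc.php" "$t/htdocs" || true
    rm -rf "$t"
}
demo
```

For mode 640 to work, the file's group must be the one Apache and PHP run under; the script does not check ownership.
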
ne**@celticbear .com wrote:
>Aside from changing "localhost" to the IP/port number of the new
>server, what else should be done, especially in the security sense?
>If someone were to hack and be able to get access to view files, they
>could open that file and see the username/password. Is there some way
>to encrypt it or something?

You could store the username/password as environment variables in
httpd.conf, then chmod the file so only root can read it.

Nov 8 '05 #3
