We currently have our mySQL server on the same box as the Apache
server.
For security and load balancing, we're going to be moving the mySQL
server to another box.
We're already using a single included connection file in all of our PHP
pages that has the server, username, password line that connects to the
database.
Aside from changing "localhost" to the IP/port number of the new
server, what else should be done, especially in the security sense?
If someone were to hack and be able to get access to view files, they
could open that file and see the username/password. Is there some way
to encrypt it or something?
So far the only thing I can think of to help limit that file's exposure
is to place it outside the /var/www/htdocs folder region. And of course
make sure the mySQL account it's connecting to has only the mySQL
permissions it needs.
Thanks for any advice!
Liam
2  1751 
>We currently have our mySQL server on the same box as the Apache server.
For security and load balancing, we're going to be moving the mySQL
server to another box.
We're already using a single included connection file in all of our PHP
pages that has the server, username, password line that connects to the
database.
For security purposes, this file should be *OUTSIDE* the document
root. If PHP is broken (say, during an upgrade if you didn't shut
down Apache, or if filesystem damage during a power failure screws
up one of the libraries), it's outside the document tree, so Apache
won't display it. If PHP is not broken, it will run it, not display
it.
The file needs to be readable by the user Apache and PHP run as,
but should not be readable by others who can log in to the box,
except admins.
I suggest the possibility of multiple logins with different privileges,
although this doesn't directly help your concern. In particular,
probably a lot of your web pages can function with read-only access
to the database.
Aside from changing "localhost" to the IP/port number of the new
server, what else should be done, especially in the security sense?
You need to GRANT privileges so your web server can access the database.
It would be a good idea to firewall the DB server so the whole world
can't get to the MySQL port, if only to load it down trying a futile
dictionary attack. And no, I'm not talking about MySQL permissions
here, although you set those carefully also.
If someone were to hack and be able to get access to view files, they
could open that file and see the username/password. Is there some way
to encrypt it or something?
You need the real password to access the database. If an encrypted
password works to access the database, then it *IS* the real password.
So far the only thing I can think of to help limit that file's exposure
is to place it outside the /var/www/htdocs folder region. And of course
make sure the mySQL account it's connecting to has only the mySQL
permissions it needs.
It's very difficult to deal with this if you are on a shared server
with people you don't trust (your competitors who are also customers
of your host).
Gordon L. Burditt ne**@celticbear.com wrote: Aside from changing "localhost" to the IP/port number of the new
server, what else should be done, especially in the security sense?
If someone were to hack and be able to get access to view files, they
could open that file and see the username/password. Is there some way
to encrypt it or something?
You could store the username/password as environment variables in
httpd.conf, then chmod the file so only root can read it. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Google Mike |
last post by:
After a lot of thought and research, and playing with FreeTDS and
InlineTDS, as well as various ODBC connections, I have determined that
the fastest and cheapest way to get up and going with PHP on...
|
by: kamilla |
last post by:
I have a mysql 3.5 server installed on a suse linux 8.1, with address 10.0.0.100.
Now I want to access that db from a W2K pc, address 10.0.0.200.
I am able to ping 10.0.0.100, but I cannot connect...
|
by: Jim |
last post by:
I'm writing an Invoicing Windows app but I'm writing it to make the code as
easy to maintain as possible. Basically, to get any records from my DB, I
use two classes: one that sets up the SQL...
|
by: CodeImp |
last post by:
A simple app I quickly wrote to try getting info from a database. Here
is the first part of its code. The rest of the code is irellevant.
using System;
using System.Data;
using...
|
by: mm |
last post by:
I have several korn shell scripts I use with a MySQL database on the
same server (Solaris). I am moving to a Linux environment where the
MySQL database is on another server. I would like to...
|
by: Frances |
last post by:
this seems pretty straight-forward.. got this code
$link = mysql_connect('localhost:3306', '<uid>', '<pswd>');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected...
|
by: Todd Brewer |
last post by:
Windows Server 2000
ASP.NET 2.0
SQL Server 2000 (on a physically seperate server)
I moved an ASP.NET 2.0 application from a development server to production,
and am getting the following error:...
|
by: Ananthu |
last post by:
Hi
I have done all the codings part for connecting mysql server with java application but when i try to compile,the compilation is successful and during execution i get the following message,
...
|
by: Vkas |
last post by:
i have a domain www.thesunriseschool.com
for connecting the database i am using
<?php
$sId=session_id();
$uIp=$_SERVER;
$time=time();
$date_now=date("d/m/Y", $time);...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
