MySQL security issue

Codes here !

Moderators: macek, egami, gesf

Post Reply
Jay

Post by Jay » Thu Oct 24, 2002 2:12 am

You should be able to find the answers you're looking for in the MySQL manual which is very comprehensive and also looks at questions like yours.

You should see an improvement in using a persistent connection, because it's not breaking it all the time and wasting time stopping and starting it several times per user.

If all users have restricted (and identical) access, there's no problem with using the same un and pw. If they have different priviledges, give them different accounts!

DoppyNL

Post by DoppyNL » Fri Oct 25, 2002 2:38 am

There are no problems using only one username and password for mysql itself. That password is located in the php-file itself and will not be available to web-users, so that is not a problem.

storing username's and password inside you're app (mysql tables) is used a lot of the time.
This forum does that, so does my site-software.
Is no problem, as long as you make sure you check if the user may do what he wants to do on EVERY page.
What I mean is that you need to check if a user has acces to a form to add data, but also check if the acces is granted in the script where the data is actually added to the database.

Greetz Daan

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 3 guests