web interface and database

May 28, 2012

I have a PHP web interface , connected to mysql db, is it possible for anyone visiting the web interface to grip the database itself? he can get a record for sure using the web page but i mean getting the whole database offline.

2,809 · May 28, 2012

Hey, thanks for your post. I'm struggling to understand you perfectly though, could you maybe try to explain a little more?

Thanks :)

20,536 · May 28, 2012

It depends on how the code is written, how it interacts with MySQL, etc.

45,042 · May 28, 2012

I swear the quality of replies on here is headed downhill.

Anyway...

If you have a well written front-end, using a good connection object (I favour PDO), disallowing SELECT statements and work purely with stored procedures, then that's a major start.

You should connect using a user with just enough permissions, sure as hell not ROOT or such.

Then on your database allow connections only via specified users and known IPs.

That's a major start

2,809 · May 28, 2012

On 28/05/2012 at 12:00, nik louch said:

I swear the quality of replies on here is headed downhill.

Elaborate?

Sign In

web interface and database

Question

XP_2600

Link to comment

Share on other sites

4 answers to this question

Recommended Posts

-Alex-

Link to comment

Share on other sites

The_Decryptor Veteran

Link to comment

Share on other sites

+Nik Louch Subscriber²

Link to comment

Share on other sites

-Alex-

Link to comment

Share on other sites

Recently Browsing 0 members

Company

Community

Social

Partners

Forums

News

Features

More

Themes