[prog] PHP script security
Kristin M. Fitzsimmons 02
Kristin.M.Fitzsimmons.02 at Alum.Dartmouth.ORG
Wed Aug 13 13:30:57 EST 2003
> I've set up a restricted MySQL user for the script to invoke
> which has SELECT privileges only for the database. One question
> is, I've put the username and password for that restricted
> account in the script. Is this how it's commonly done? Is this
> an okay way to do this?
>
The only improvement I might suggest is to put the connect info (up to and including the "$link = ..." line) into a .inc file and just include that file at the top of your script. I don't think this is a great improvement to security, but it does make it much easier to change the password if you need to (assuming you'll have other pages that will want to access the database eventually).
I'd also like to know if there's a more secure way of doing this sort of thing -- I haven't found anything to suggest that this method isn't ok, but that doesn't necessarily mean there isn't something better out there. ;)
-kristin
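
The include-file approach from the message above, as an added example that is not part of the original post: the credentials live in one file outside the document root (a .inc file beside the scripts can be served as plain text if the server does not parse that extension), and the loader refuses a file that other local users can access. Assumptions: the function names and paths are hypothetical, PDO is used in place of the `$link = ...` connect call the thread refers to, the host is Unix-like, and an in-memory SQLite DSN stands in for MySQL so the demo runs offline.

```php
<?php
// Added example, not code from the original thread. Assumes a Unix-like host and PDO.
// In production the credentials file sits outside the document root, e.g.
// /var/www/private/db_credentials.php (hypothetical path), never beside the scripts.

function load_db_credentials(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException('credentials file missing or unreadable');
    }
    clearstatcache(true, $path);
    $mode = fileperms($path) & 0777;
    if ($mode & 0007) {                      // any access for "other" users is refused
        throw new RuntimeException(sprintf('credentials file mode %04o is too open', $mode));
    }
    $cfg = require $path;                    // the file returns an array of settings
    if (!is_array($cfg)) {
        throw new RuntimeException('credentials file did not return an array');
    }
    foreach (['dsn', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key]) || !is_string($cfg[$key])) {
            throw new RuntimeException("credentials file lacks '$key'");
        }
    }
    return $cfg;
}

function db_connect(string $path): PDO
{
    $cfg = load_db_credentials($path);
    try {
        return new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'],
                       [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    } catch (PDOException $e) {
        error_log('DB connect failed: ' . $e->getMessage());  // details stay in the server log
        throw new RuntimeException('database unavailable');   // generic message for the page
    }
}

// Demo with a constructed credentials file; sqlite::memory: stands in for the
// MySQL DSN (mysql:host=...;dbname=...) and the SELECT-only account is simulated.
$file = tempnam(sys_get_temp_dir(), 'dbcred');
file_put_contents($file, "<?php return ['dsn' => 'sqlite::memory:', 'user' => 'readonly', 'pass' => 'constructed'];");
chmod($file, 0644);                          // world-readable: the loader must reject it
try { db_connect($file); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
chmod($file, 0600);                          // owner-only: accepted
$db = db_connect($file);
echo $db->query('SELECT 1')->fetchColumn(), "\n";
unlink($file);
```

Changing the password then means editing one file, and every page that calls `db_connect()` picks it up.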