SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    MySQL username/password security

    Dear all,


    When you set up permissions for a MySQL database, you can specify from which hosts the user is valid. For example, you can set up a user/pass which is only valid when it is used on the localhost.

    Surly, this means that even if someone managed to steal your user/pass for your database, unless they had access to your server, they would not be able to do anything with it as the user/pass can only connect to the database from the localhost.


    Thanks

    Guy

  2. #2
    reads the ********* Crier silver trophybronze trophy longneck's Avatar
    Join Date
    Feb 2004
    Location
    Tampa, FL (US)
    Posts
    9,854
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    yes

  3. #3
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by longneck
    yes

    Errr... please could you elaborate

    thanks

    Guy

  4. #4
    reads the ********* Crier silver trophybronze trophy longneck's Avatar
    Join Date
    Feb 2004
    Location
    Tampa, FL (US)
    Posts
    9,854
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    not really. you hit the nail on the head. if you set it up so that a mysql user can only log in from localhost, then your server would have to be compromised more than just exposing that mysql username and password for someone to exploit that account.

  5. #5
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by longneck
    not really. you hit the nail on the head. if you set it up so that a mysql user can only log in from localhost, then your server would have to be compromised more than just exposing that mysql username and password for someone to exploit that account.
    So why do people keep on telling me that I need to keep my MySQL user/password stored in a file outside the web root? I guess they have not set up the user correctly.

    Thanks for the reply

    Regards

    Guy


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •