...

View Full Version : how to secure my mysql database from others?



student
04-06-2007, 06:07 AM
Hello,
I have some doubts.

1) if somebody else knows my mysql database username and password ( username with all permissions ) can they copy my database even if they do not know my control panel password?

2) Suppose I have placed my database username and password in a .php file in my file manager not in the admin folder, is there any possibility for others to steal my username and password?

3) what steps should I take to secure my mysql database from hacking and all such unwanted dangers.

Thank you.

_Aerospace_Eng_
04-06-2007, 06:52 AM
Well if they know your username and password then they can get control yes. Your databases aren't really stored in your control panel like you think they are. They are in a different place on your server. Where I have no idea. As far as the db connection info being in a php file. If you can move the php file to a directory above your public_html directory then that would make it harder for people to view it.

student
04-06-2007, 03:33 PM
Hello,
Can you please inform me how to store the username and password in a file above public_html
and how to access that from my files.
please give some example

otherwise, if I password protect a directory and keep that file there, will this be safe?
thank you.

_Aerospace_Eng_
04-06-2007, 07:31 PM
Hello,
Can you please inform me how to store the username and password in a file above public_html
and how to access that from my files.
please give some example

otherwise, if I password protect a directory and keep that file there, will this be safe?
thank you.

It could be safe but its just better to put it in a folder above your public_html folder. Umm as far as an example there isn't much to explain, its pretty simple.

Lets say when you login to your server through ftp you see a lot of folders along side your public_html folder. This is where you would put your db connection file.

To access from php you need to use the absolute path. Usually its something like

<?php include('/home/username/dbconnect.php'); ?>

To find out what your root path is, make a php file and put this in it

<?php echo $_SERVER['DOCUMENT_ROOT']; ?>

Upload it to your public_html directory. If you are unable to access the folders above your public_html folder then you might be out of luck and using an htaccess password might work but I'm not sure how well the script will be able to handle the file if its in a password protected directory.

student
04-06-2007, 08:26 PM
Hello,
It worked.
I placed a file in the public_html
and accessing it from my php files.
hope it will be secure.
thanks.

_Aerospace_Eng_
04-06-2007, 10:04 PM
No you don't want the file in the public_html folder. I was just telling what to do to get your document root. It will be something like home/username/

jsolomon
04-09-2007, 09:29 PM
I have the same concern. If I have put my config file in above my public_html folder is there any other precautions I can take to make sure my database is secure? This is a big concern for my project.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum