I'm wondering if there are any big security risks (e.g. passwords) if I were to use XML files rather than MySQL databases and tables. This isn't anything big like a company's Web site, but I would like to know if there are any drawbacks anyway if anybody knows.

Thank you in advance,
rpgfan3233

*bump*

I figured this was a rather unusual question. It is either that, or the differences are minimal enough to not worry about.

Thanks to those who read this thread. :)

XML isn't a particularly good way to store information, it's not particularly efficient. It's strength comes when you're wanting to pass data between different systems.

Why are you considering XML? You presumably have a reason...

SQLite is an extremely small database system if you think mysql is too big...

As for security, then done properly there's no reason why using XML files would be any less secure.
If you leave them readable, inside a web-accessible directory, then that would be silly, but in a 'safe' part of the filesystem, then not a problem.
A mysql database can be setup with a password, which would perhaps seem to add a layer of security not present with files, but you have to remember that as the web-server/php/whatever needs to be able to access the database, then the connection details are going to have to be included somewhere- so someone who has file-system access to be able to read your XML files is going to be able to find your mysql password with very little effort.


Your first post is a little unclear, but I hope you're not saying that you'd be storing passwords in either the database or a file in plaintext?

XML isn't a particularly good way to store information, it's not particularly efficient. It's strength comes when you're wanting to pass data between different systems.

Why are you considering XML? You presumably have a reason...

SQLite is an extremely small database system if you think mysql is too big...

As for security, then done properly there's no reason why using XML files would be any less secure.
If you leave them readable, inside a web-accessible directory, then that would be silly, but in a 'safe' part of the filesystem, then not a problem.
A mysql database can be setup with a password, which would perhaps seem to add a layer of security not present with files, but you have to remember that as the web-server/php/whatever needs to be able to access the database, then the connection details are going to have to be included somewhere- so someone who has file-system access to be able to read your XML files is going to be able to find your mysql password with very little effort.


Your first post is a little unclear, but I hope you're not saying that you'd be storing passwords in either the database or a file in plaintext?

No, the passwords would most definitely be hashed, probably using MD5 then perhaps SHA-1 or something. I haven't decided yet, but I would think that XML would be faster than SQLite or MySQL with regard to page load times. After all, XML is just text, right?

it is just text, and text isn't inherently fast. XML is a format designed for being sufficiently verbose that it can be passed between different systems, and can be read and edited directly by people.
As soon as you need to do any kind of searching, file-system access times will rocket, unless you implement some kind of file-based indexing system and query-language...which is pretty much what SQLite is :|

Okay, thank you for responding. I shall reconsider further before making my decision.