||08-25-2010 03:14 AM
Help on security!
Good day to all,
First my purpose is to share my database connection to someone (other server) but I want to restrict them from modifying it. It is just for viewing data not for modifying.
/*this is my php file that I wanted to share wherein the database connection can be found.
it's name for example is conn.php*/
Now that I have my conn.php containing the sensitive part of my database including a password. This is the php file from another server that I want to share my conn.php to.
/*this is my php file from another server that will use my conn.php.
it's name for example is client.php*/
$viewrecord = mysql_query("select * from record where id = 'myname'");
while ($result = mysql_fetch_array($viewrecord))
Now, we have settled the connection, and the client can view now the record from table record.
What I'm afraid of is, What if the client.php did something like:
$name = "I will";
$age = "destroy the hell";
$address = "out of your database hahaha";
mysql_query("update record (name,age,address) values ('$name','$age','$address') where id = 'myname'");
Man that will be the worse day of my database if he did something like that, please advice me of some of security techniques.
||08-25-2010 03:32 AM
create a new DB user for your client, give them acces to READ your database only.
Then any INSERT UPDATE and DELETE commands will be ignored.
In addition, including your config php from a remote site, as it uses "localhost" for the hostname, will not work, you'll need to get the DNS/IP address for your SQL server and use that. In addition some hosts only allow connections to the database from inside their datacenters, so they maynot beable to connect like that.
In that case, you'll need to create some sort of gateway.
||08-25-2010 04:49 AM
I'll try it. Thanks!
|All times are GMT +1. The time now is 12:53 AM.
Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.