Reply to Re: What's best way to do?

Your name:

Reply:


Posted by Pat on 01/08/06 14:12

Thanks

"Dikkie Dik" <"' OR 1=1 LIMIT 1-- haha"@haha.com> schreef in bericht
news:dpp7pb$67m$1@news.cistron.nl...
>> i wrote a webapplication with mysql database. In the PHP code, i use user
>> 'root' in the mysql_connect command.
>>
>> The user of the application is limited to the application and cannot
>> delete or alter a table, only update, delete and insert the tables.
>>
>> Is it a good practise to do so, or is it better to define a "anonymous"
>> user with limited rights?
>
> As Markus said, it is better to create a limited "web" user. If a hacker
> somehow gets the account data, he cannot do more than the web user could
> do via the page. If you really want to limit the database access and if
> your database supports stored procedures, you could define a stored
> procedure for every allowed action on the database and grant only execute
> rights to the web user.
>
> Best regards

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация