Security

#1 Thu, 02/21/2013 - 02:01
Anonymous

Hi, I have a dedicated server hosting a domain and SQL database. Let's call it My_domain.com.

I have written a script which accesses my database and I want to put it on a totally different server on a domain called Client_domain.com

I have granted remote access to the SQL database by IP address of the Client_domain.com server.

My question is about how I can limit the database access.

For example the script includes:

$host = "localhost";
$user = "admin";
$password = "htadtsrxdVnJIu3";
$database = "exor543";

When I put this script on the Client_domain.com server belonging to someone else, if the client knows PHP they will be able to take that connection data and write their own script to copy the whole database or delete the database or just mess it all up.

If I give the client a new USER, can I then limit the user to just running certain actions on the database? Maybe just reading? (But then they could still copy the whole thing.)

Not sure how to address this security problem.

Any thoughts?

Thanks

Thu, 02/21/2013 - 12:02
lp86

You can limit their ability to drop databases/tables by not giving them DROP permissions. I don't think you can stop them from copying the database.

Here is a list of privileges: http://dev.mysql.com/doc/refman/5.1/en/grant.html#grant-privileges

This would have to be done from either the command line mysql utility, or phpMyAdmin. You should create a new user for these restrictions as Virtualmin may overwrite your changes.

Someone on the client system could use the mysqldump utility to make a dump of this database, but I don't know of any way to block that functionality.
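
The restricted account discussed in this thread, written out as MySQL statements. This is an added example, not part of either post: the user name `client_ro`, the table and column names, and the address 203.0.113.10 (standing in for the Client_domain.com server's IP) are assumptions, and the named tables are assumed to exist already in `exor543`.

```sql
-- Added example: run as an administrative user on the My_domain.com database server.
-- Everything marked (hypothetical) or (constructed) is an assumption, not from the thread.

-- 1. A dedicated account that can only connect from the client server's IP.
--    203.0.113.10 is a constructed placeholder for that IP.
CREATE USER 'client_ro'@'203.0.113.10'          -- account name (hypothetical)
  IDENTIFIED BY 'REPLACE_WITH_A_NEW_PASSWORD';  -- never reuse the admin password

-- 2. Read access to only the tables the remote script needs.
--    No DROP, DELETE, UPDATE, INSERT or ALTER is granted, so this account
--    cannot remove or change anything.
GRANT SELECT
  ON exor543.products                           -- table (hypothetical)
  TO 'client_ro'@'203.0.113.10';

-- 3. Where a table holds columns the script does not need, grant SELECT
--    on the required columns only; the rest stay unreadable to this account.
GRANT SELECT (id, status)                       -- columns (hypothetical)
  ON exor543.orders                             -- table (hypothetical)
  TO 'client_ro'@'203.0.113.10';

-- 4. If the script has to write, allow INSERT on a single table rather
--    than granting write privileges on the whole database.
GRANT INSERT
  ON exor543.enquiries                          -- table (hypothetical)
  TO 'client_ro'@'203.0.113.10';

-- 5. Confirm the result: the output should list only the grants above,
--    plus the default USAGE entry, and nothing at database or global level.
SHOW GRANTS FOR 'client_ro'@'203.0.113.10';
```

The script deployed on the client server would then connect with this account instead of `admin`. Whatever the account is allowed to read can still be copied by anyone holding its credentials, so the grants should cover only data the client is meant to see.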
