Securing the PHP to MySQL conenction
I've been running a flat file .html website for a while now and while I could continue to do so, there's a few parts to the site that would certainly benefit from being database driven.
As such I've been exploring PHP with a MySQL database back-end. Both of these are provided by my hosting company and I've got my head round some of the basics, even getting as far as creating a basic page that returns values from on of the tables.
However, it concerns me that in the PHP file, I am having to specify the username and password of the read-only user that I created specifically for anonymous web users. Am I missing something or is this the only way for the connection to work?
I've seen reference to creating a PHP ODBC data connection, but I'm hosted on a Linux solution and don't know if it's possible to create a site wide connection file in Linux, to connect to the one database and it's different tables?
Any help will be greatly appreciated - the current site in question is: http://www.charlosa.com and it's the drinks and photography sections that I'm looking to PHP up...
Thanks in advance and just wanted to say that this looks like a great community site for web developers
Shaggy posted this at 13:21 — 31st August 2009.
They have: 121 posts
Joined: Dec 2008
I can't speak for your hosting provider, but I imagine by now many unix providers have implemented 'su_php', an apache module that allows PHP to read and execute php scripts owned by their authors, without having to be readable / cgi executable.
If your host does offer such a configuration, you should be able to have your private database connection info readable only by you, and no read/write/execute permissions to group or others...
Cheers,
Shaggy.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.