Chapter 14. Security


  • Identifying the limitations of default MySQL security

  • Learning best practices for providing a more secure MySQL installation

  • Identifying the ideal privileges for client access to the database

  • Encrypting and decrypting data using PHP

  • Creating secure hash values using PHP

  • Preventing common exploits including cross-site scripting, SQL injection, as well as some lesser-known exploits

Security is a critical component of any application software. It's often overlooked and implemented insufficiently due to lack of time or commitment which can translate into a less robust and secure option. Yet it only takes one weak link to destroy a site or brand's reputation.

To ensure that best practices are part of the solution to a secure product, adequate data security must be a prerequisite to commencing development. In fact, it's imperative that applications follow all the rules and best practices outlined in this chapter. This chapter creates a path to securing an application; you'll looks at hardening your MySQL server, encrypting and decrypting data in PHP, and some techniques for overcoming common vulnerabilities.


A default MySQL installation fails to provide adequate best practices in database security. This section discusses these limitations and then various means of improving security including:

  • Operating system security

  • MySQL security permissions

  • Database privileges

  • Other security options

Installation Defaults

When installed, MySQL ...

Get Expert PHP and MySQL® now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.