PHP and MySQL® 24-Hour Trainer

by Andrea Tarr
November 2011
Beginner
504 pages
11h 30m
English
Wrox
Content preview from PHP and MySQL® 24-Hour Trainer

Lesson 27

Preventing Database Security Issues

In this lesson, you learn the general security guidelines to follow when working with MySQL. Some of these guidelines are general ones that have been mentioned in other lessons, and some are particular to using a database and MySQL. They are gathered together here so that you can easily refer to them. When you are learning a new skill, it can be exhilarating just to get things to work, and it's easy to ignore security issues. That can result in a painful lesson in the current climate.

Security steps must be taken to make MySQL itself more secure against attacks. These are related to your server setup and are not covered in this book. The XAMPP setup used throughout this book is for local development and is not secure for Internet access. However, the practices in this lesson are designed to make your code secure when used online.

Understanding Security Issues

There is no such thing as making your code completely secure against attacks. You can, however, reduce the harm that can be done and make it less likely that you will be successfully hacked. Issues to be aware of are unauthorized access to your database files, unauthorized ability to change the database structure, unauthorized ability to see or change data, and SQL injection.

Unauthorized access to your database files depends mostly on your server setup: who has access to the MySQL files and what the permissions on those files are. MySQL is an application and as such ...


ISBN: 9781118066881