Lesson 27

Preventing Database Security Issues

In this lesson, you learn the general security guidelines to follow when using MySQL. Some of these guidelines have been mentioned in other lessons, and some are particular to using a database and MySQL. They are gathered together here so that you can easily refer to them. As you are learning a new skill, it can be exhilarating to just get things to work, and it's easy to ignore security issues. That can result in a painful lesson in the current climate.

Security steps must be taken to make MySQL itself more secure against attacks. These are related to your server setup and are not covered in this book. The XAMPP setup used throughout this book is for local development and is not secure for Internet access. However, the practices in this lesson are designed to make your code secure when used online.

Understanding Security Issues

There is no such thing as making your code completely secure against attacks. You can, however, reduce the harm that can be done and make it less likely that you will be successfully hacked. The issues to be aware of are unauthorized access to your database files, unauthorized ability to change the database structure, unauthorized ability to see or change data, and SQL injection.

Unauthorized access to your database files is mostly dependent on your server setup. This is related to who has access to the MySQL files and what the permissions are on those files. MySQL is an application and as such ...
