5.1. Securing Your Database

The heart of every e-commerce application is its database. That heart is the most attractive prize for crackers because you store all your customers' information — possibly even their payment information — in the database.

Avoid storing customers' credit card or card security numbers (those three-digit numbers on the back of the card). Many larger merchants do, and several have faced the information security problem — not to mention the public relations nightmare — of stolen credit card information. Unless you have the resources to adequately secure your servers and network, avoid the problem completely and delete credit card information as soon as the transaction is complete.

You need to follow two steps to secure an e-commerce database: secure the database itself, and secure the information needed to access the database.

5.1.1. Securing the database

Depending on the size of your enterprise, your database might reside on the same physical machine as your Web server, or it might be on its own server. Either way, pay close attention to a few important pieces of information:

  • The user that the database runs as

  • The passwords used to connect to the database

  • The privileges each user is granted
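The second and third items in that list (the passwords used to connect, and the privileges each user holds) are set with ordinary MySQL statements. The following is an added example, not code from the book: it shows the over-broad account that quick setups often create beside a least-privilege replacement. The database name `shop`, the tables `customers` and `orders`, the account names `web`, `shop_app` and `shop_admin`, and the password placeholders are all assumed for illustration.

```sql
-- Added example (not from the book). Assumed names: database `shop`, tables `customers`
-- and `orders`, accounts `web`, `shop_app`, `shop_admin`. Replace the password placeholders.

-- WEAK (what many quick installs end up with): one account, usable from any host,
-- with every privilege on every database and the right to hand those privileges on.
-- A single flaw in the PHP code then gives an attacker the whole server.
--   CREATE USER 'web'@'%' IDENTIFIED BY 'web';
--   GRANT ALL PRIVILEGES ON *.* TO 'web'@'%' WITH GRANT OPTION;

-- CORRECTED, step 1: a dedicated account for the Web application, accepted only from the
-- Web server's host. If the database sits on its own server, use the Web server's
-- hostname or IP address in place of localhost.
CREATE USER 'shop_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- Step 2: grant only the statements the shop code actually issues, table by table.
-- Withheld on purpose: DELETE, DROP, ALTER, FILE, SUPER, GRANT OPTION, and any access
-- to the mysql.* system tables (where account passwords live).
GRANT SELECT, INSERT, UPDATE ON shop.customers TO 'shop_app'@'localhost';
GRANT SELECT, INSERT, UPDATE ON shop.orders    TO 'shop_app'@'localhost';

-- Step 3: a separate administrative account for schema changes and maintenance.
-- Its password is never placed in the Web application's configuration.
CREATE USER 'shop_admin'@'localhost' IDENTIFIED BY 'REPLACE_WITH_A_DIFFERENT_STRONG_PASSWORD';
GRANT ALL PRIVILEGES ON shop.* TO 'shop_admin'@'localhost';

-- Step 4: check the result. Each listing should contain only the grants issued above;
-- anything extra means an earlier setup left privileges behind.
SHOW GRANTS FOR 'shop_app'@'localhost';
SHOW GRANTS FOR 'shop_admin'@'localhost';

-- Step 5: retire the over-broad account once the application has been switched to shop_app.
-- Revoking first, then dropping, also clears any GRANT OPTION it held.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'web'@'%';
DROP USER 'web'@'%';
```

Run these as an administrative user (for example `root`) from a MySQL client, not from the Web application. The first bullet, the operating-system account the database server process runs under, is not a SQL matter: it is set in the server's own configuration (the `user` option in the `[mysqld]` section of `my.cnf`) and should be an unprivileged account dedicated to MySQL, never `root`.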

5.1.1.1. Choose a database user

You might think that creating a general system user that runs the Web server, the mail server, and the database, or having these systems ...
