Re: Security and Style for CSV to mySQL script

For security reasons you should always have the authentication information stored in a separate, secure file. Call the file using "require". If this is a cgi script then the authentication file should be stored outside of the webserver's document tree. You don't want to give anyone the chance to read it.

Neil Watson
watson-wilson.ca

Comment on Re: Security and Style for CSV to mySQL script

Replies are listed 'Best First'.
Re: Re: Security and Style for CSV to mySQL script by jerrygarciuh (Curate) on Sep 04, 2002 at 16:15 UTC
Thank you! Definitely should have thought of that. jg _____________________________________________________ Think a race on a horse on a ball with a fish! TG	[reply] [d/l]
Re: Re: Re: Security and Style for CSV to mySQL script by neilwatson (Priest) on Sep 04, 2002 at 16:21 UTC
Also, (this may seem to obvious, if so I apologize) make sure the user account you use to access mysql has only the permissions it needs. So if the user is only viewing the information of a specific DB then the mysql user account should have read-only access to that DB only. You can even specify permissions by tables IIRC. Neil Watson watson-wilson.ca	[reply]