Hello i have a question about the security of my website, does my website can get hacked somehow if im updating it directly from my database? (ex. images, posts, links...). I have few pages on my website which have PHP code to read info from the database and i do not have any input fields which are availabe to the public. Im asking this question because i cannot make secure system that i can update it from there. if there is other option of doing this please feel free to share and if you need to see the code i will post it just say to me. Thank you very much :)
Stefce 146 Posting Pro
cereal 1,524 Nearly a Senior Poster Featured Poster
I have some questions to ask here:
- is the database in your location?
- can the database accept remote connections?
- can you define which IPs are allowed to connect the database?
- can you create database users?
In reference to the last, if you can create new users, then create a readonly user for the website, so that even if user and password are spotted, no one gains write privileges. Then use a user with write privileges to update.
See:
TexWiller commented: to answer to you please post your ip and root password +0
cereal 1,524 Nearly a Senior Poster Featured Poster
@TexWiller sorry, I explain you why I asked if the database is in the OP location and not in the web server: in that case he would have to setup a TSL certificate between the client (in the web server) and the database in his network, otherwise the connection could be spoofed. In this case is not even a big deal because it would be in read-only (and that's why I asked if he was able to create new users).
Answering from "here", without knowing the setup of the OP is not always simple. By having more information maybe I can suggest a better solution. That's all.
If you have doubts or something else to say to me, reply here and I'll send you a private message, as I think you, with the new rules, you cannot start it. Thank you.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.