MySQL normal user account?

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

kalimbo
Forum Newbie
Posts: 3
Joined: Wed Nov 03, 2010 7:41 am

MySQL normal user account?

Post by kalimbo »

Hey guys,

I've been developing my own website where I put some articles through a webpage on the server that only people from a particular table in my database have access to. Now I want my homepage to request these articles when a normal user connects to the website and preview them. I made a MySQL account which is only a user and can select things from the database. My problem is that this user can select even the table with the usernames and the passwords with the account that can access the publishing page. I'm not sure if the user that reviews the website has any access to the PHP code, but the thing is that this PHP code is in my index.php page. What do people normally do when they have a page that has to connect to a database for a normal user that just reviews the website?

If the above is too complicated I'll ask this simple question:
When I'm requesting data from a database on my index.php page could the normal visitor see the PHP code (and particularly the account and the password I'm connecting with to MySQL)?
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: MySQL normal user account?

Post by Weirdan »

kalimbo wrote: If the above is too complicated I'll ask this simple question:
When I'm requesting data from a database on my index.php page could the normal visitor see the PHP code (and particularly the account and the password I'm connecting with to MySQL)?
No, they can't (unless the server is misconfigured).
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: MySQL normal user account?

Post by Eran »

Either way, you should put the actual credentials outside of the document root (usually on shared hosting that would be one directory above). This way, even if the server is misconfigured for some reason (updated Apache / PHP versions), visitors can see the code but not the credentials. Another common approach is to use a bootstrap script that includes scripts from outside of the document root.
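The layout described in the post above, as an added example that is not part of the original thread: index.php pulls the credentials from a file one directory above the document root and refuses to use a file the web server could serve. The paths, the `site_reader` account, the `articles` table with its `title` and `body` columns, and the `load_db_config` helper are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// index.php, inside the document root. Assumed layout (hypothetical paths):
//   /home/example/public_html/index.php   <- this file
//   /home/example/private/db-config.php   <- one directory above the document root
// db-config.php holds only the credentials and returns them as an array:
//   return ['dsn' => 'mysql:host=localhost;dbname=site', 'user' => 'site_reader', 'pass' => 'PLACEHOLDER'];

function load_db_config(string $configPath, string $docRoot): array
{
    $config = realpath($configPath);
    $root   = realpath($docRoot);
    if ($config === false || $root === false) {
        throw new RuntimeException('Credentials file or document root not found');
    }
    // Refuse a credentials file that sits under the document root and so has a URL.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($config, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('Credentials file is inside the document root');
    }
    $settings = require $config;
    if (!is_array($settings) || !isset($settings['dsn'], $settings['user'], $settings['pass'])) {
        throw new RuntimeException('Credentials file has an unexpected format');
    }
    return $settings;
}

try {
    $docRoot = ($_SERVER['DOCUMENT_ROOT'] ?? '') ?: __DIR__;
    $db  = load_db_config(__DIR__ . '/../private/db-config.php', $docRoot);
    $pdo = new PDO($db['dsn'], $db['user'], $db['pass'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    // Hypothetical table and columns; output is built first so the catch block can still set a status.
    $html = '';
    foreach ($pdo->query('SELECT title, body FROM articles ORDER BY id DESC LIMIT 10') as $row) {
        $html .= '<h2>' . htmlspecialchars($row['title']) . '</h2><p>' . htmlspecialchars($row['body']) . '</p>';
    }
    echo $html;
} catch (Throwable $e) {
    // The exception text can name the database account, so it goes to the log, not the page.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Temporarily unavailable.';
}
```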
kalimbo
Forum Newbie
Posts: 3
Joined: Wed Nov 03, 2010 7:41 am

Re: MySQL normal user account?

Post by kalimbo »

Thanks guys. :)