Hey guys,
I've been developing my own website where I put some articles through a webpage on the server that only people from a particular table in my database have access. Now I want my homepage to request this articles when a normal user connects to the website and preview them. I made a Mysql account which is only a user and can select things from the database. My problem is that this user can select even the table with the usernames and the passwords with the account that can access the publishing page. I'm not sure if the user that reviews the website has any access to the php code, but the thing is that this php code is in my index.php page. What do people normally do when they have a page that has to connect to a database for a normal user that just reviews the website?
If the above is too complicated I'll ask this simple question:
When I'm requesting data from a database on my index.php page could the normal visitor see the php code (and particularly the account and the password I'm connecting with to mysql)?
MySQL normal user account?
Moderator: General Moderators
Re: MySQL normal user account?
No, they can't (unless the server is misconfigured).kalimbo wrote: If the above is too complicated I'll ask this simple question:
When I'm requesting data from a database on my index.php page could the normal visitor see the php code (and particularly the account and the password I'm connecting with to mysql)?
Re: MySQL normal user account?
Either way, you should put the actual credentials outside of the document root (usually on shared hosting that would be one directory above). This way, even if the server is misconfigured for some reason (updated Apache / PHP versions), visitors can see the code but not the credentials. Another common approach is to use a bootstrap script that includes scripts from outside of the document root.
Re: MySQL normal user account?
Thanks guys. 