Expert PHP and MySQL® by Patrick Galbraith, Ronald Bradford, Andrew Curioso

Chapter 14. Security

WHAT'S IN THIS CHAPTER?

  • Identifying the limitations of default MySQL security

  • Learning best practices for providing a more secure MySQL installation

  • Identifying the ideal privileges for client access to the database

  • Encrypting and decrypting data using PHP

  • Creating secure hash values using PHP

  • Preventing common exploits, including cross-site scripting and SQL injection, as well as some lesser-known exploits

Security is a critical component of any application software. It's often overlooked or implemented insufficiently due to lack of time or commitment, which can translate into a less robust and less secure result. Yet it only takes one weak link to destroy a site's or brand's reputation.

To ensure that best practices are part of the solution to a secure product, adequate data security must be a prerequisite to commencing development. In fact, it's imperative that applications follow all the rules and best practices outlined in this chapter. This chapter creates a path to securing an application; you'll look at hardening your MySQL server, encrypting and decrypting data in PHP, and some techniques for overcoming common vulnerabilities.

HARDENING YOUR MYSQL SERVER

A default MySQL installation does not follow adequate best practices in database security. This section discusses these limitations and then various means of improving security, including:

  • Operating system security

  • MySQL security permissions

  • Database privileges

  • Other security options

Installation Defaults

When installed, MySQL ...
