but it is best to create an anonymous account (i.e. webuser) with limited capabilities (I only give insert, update, select privileges) to the tables in your DB. MySQL allows for very fine granularity, which means that you can set up many limitations (get a book on MySQL) based on user ID or IP. you can also limit access to particular tables and so on
also place the file holding the DB connection info outside the webroot folder and use an include to retrieve it when needed...
also possible to add code to both calling and DB conn page to allow only valid users (there was a post recently with sample code)
by declaring a variable and checking for this variable on the DB conn page
note that if you save the file with a .php extension the server would execute that code before showing anything on the browser and therefore you should not be able to 'see' the source server side script on the client
another option is to write some sort of COM object that can be called by the page. this COM object can hold all the DB conn stuff as a program and would also be more secure
the biggest concern is the web server and how it has been secured, if well done then hacker access would be tough, if poorly done then even the most secure web page and DB design will not keep the data safe.
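
The limited `webuser` account described at the top of this post could be set up as follows; this is an added example, not code from the original post. It assumes MySQL 5.7 or later, and the `shop` database, its two tables, the web server address 192.0.2.10 and the password placeholder are all constructed for illustration.

```sql
-- Constructed schema so the script runs on an empty server (assumption).
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.customers (
  id         INT AUTO_INCREMENT PRIMARY KEY,
  email      VARCHAR(255) NOT NULL,
  card_token VARCHAR(64)
);
CREATE TABLE IF NOT EXISTS shop.orders (
  id          INT AUTO_INCREMENT PRIMARY KEY,
  customer_id INT NOT NULL,
  total       DECIMAL(10,2) NOT NULL
);

-- The account is bound to one host: a login as 'webuser' from any other
-- address is refused even with the correct password.
CREATE USER IF NOT EXISTS 'webuser'@'192.0.2.10'
  IDENTIFIED BY 'CHANGE_ME_placeholder'
  WITH MAX_USER_CONNECTIONS 20;

-- Table-level grant: select, insert, update only.
-- No DELETE, DROP, ALTER, FILE or GRANT OPTION is ever given.
GRANT SELECT, INSERT, UPDATE
  ON shop.orders TO 'webuser'@'192.0.2.10';

-- Column-level grant: the web account can read id and email
-- but cannot select card_token at all.
GRANT SELECT (id, email), INSERT (email)
  ON shop.customers TO 'webuser'@'192.0.2.10';

-- Check 1: the effective privileges should list only the grants above
-- plus the default USAGE (no privileges) entry.
SHOW GRANTS FOR 'webuser'@'192.0.2.10';

-- Check 2: no global privileges slipped in. Expected result: zero rows.
SELECT user, host
  FROM mysql.user
 WHERE user = 'webuser'
   AND (Select_priv = 'Y' OR Delete_priv = 'Y' OR Drop_priv = 'Y'
        OR File_priv = 'Y' OR Grant_priv = 'Y' OR Super_priv = 'Y');

-- Check 3: any copy of the account that accepts connections from
-- every host ('%') defeats the IP restriction. Expected: zero rows.
SELECT user, host FROM mysql.user
 WHERE user = 'webuser' AND host = '%';
```

Run it as an administrative account; the page's own connection file should then log in only as `webuser`.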