MySQL_Connect Security

whobutsb

Hello all I have some security questions-

My company is interested in hosting polls for our clients on our website. Ideally we would like to give our clients a code like this:

<?php
include('http://www.xyzcompany.com/poll/poll?id=13');
?>

The script would then run off of our server and the results would be hosted on our Mysql server. The problem is since we are using some ajax, AJAX can't reference outside sites because browsers are configured to block that. So I need to add 2 AJAX scripts and the post to database script on the clients PC. In the post to database script I wanted to add

require_once('http://www.xyzcompany.com/poll/connect.php');

that would contain all our of our database connections. unfortunately i'm getting this error:

mysql_query(): Access denied for user: 'root@localhost'

Is there any way around this or is there a best security practices I should follow? I created a new user for the clients that limits the MySQL commands to Inserts and Selects but should I be doing more?

thanks for the advice!

benracer

Im not sure if this any use but you can set up database permissions to restric users...http://www.google.co.uk/search?hl=en&q=mysql+permissions&meta=

whobutsb

Thanks for the information! I did go into my MySQL preferences and set up permissions for the User so they could only SELECT and INSERT into the table. My main goal is to hide the connection details from them on their end. I don't plan on having web saavy clients knowing what to do with the limited User account, but I rather not even give it the chance.