Using SSL will only help you if the database is on a different server to the server that PHP is on.
The biggest hint is to create a user named something like 'phpuser' and then use that for all PHP db access. You will need to explicitly grant them access to everything they need. Don't use the superuser account.
Also, make sure you're escaping ALL user input that you put in your SQL.
Chris
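
An added example, not part of the post above: one way the dedicated-account advice could look, assuming PostgreSQL. The database `appdb`, the tables `articles` and `comments`, the sequence `comments_id_seq` and the password are hypothetical placeholders.

```sql
-- Assumptions (not from the post): PostgreSQL; database "appdb", schema
-- "public", tables "articles" and "comments" with a serial "id" column.
-- Run once at setup time as the database owner or a superuser.

-- Login role used only by PHP: no superuser, no database or role creation.
CREATE ROLE phpuser LOGIN PASSWORD 'CHANGE_ME_placeholder'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- Remove the defaults every role receives through PUBLIC, so that phpuser
-- holds nothing it was not explicitly given.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Explicit grants: only what the application actually needs.
GRANT CONNECT ON DATABASE appdb TO phpuser;
GRANT USAGE ON SCHEMA public TO phpuser;
GRANT SELECT ON articles TO phpuser;                  -- read-only content
GRANT SELECT, INSERT ON comments TO phpuser;          -- no UPDATE or DELETE
GRANT USAGE ON SEQUENCE comments_id_seq TO phpuser;   -- needed for INSERT

-- Check: list the table privileges phpuser really holds.
SELECT table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'phpuser'
ORDER BY table_name, privilege_type;
```

With grants like these, a query that slips past input escaping still runs with only SELECT on `articles` and SELECT/INSERT on `comments`, not with superuser rights.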