Getting Started
Nature and Scope of the Problem
Understanding Filtering, Validation,
and Output Escaping
Preventing the Most
Common Forms of Attack
Protecting Against Common
Website Vulnerabilities
Protecting Against
SQL Injection Attacks
About the Author
How can you protect a MySQL database?
+ Use an up-to-date extension.
  o DO NOT use the "mysql" extension.
  o mysqli or PDO are preferred.
+ Do not allow direct access to the database server from the Internet.
  o If on an Internet-facing server, only allow access from "localhost".
  o Place behind a firewall.
+ Implement proper database user access controls.
  o All users should have a password.
  o Use minimal privileges:
    - SELECT only
    - SELECT, INSERT, UPDATE, DELETE
+ Review default settings.
  o Remove default installation or configuration folders.
  o Change any default usernames or passwords.
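As an added example (not part of the original slides), the MySQL statements below put the access-control and default-settings points above into practice for a hypothetical application database named appdb. The over-privileged grant that the slide warns against is shown commented out beside two minimal-privilege accounts that are restricted to localhost and protected by a password. The database name, account names and the CHANGE-ME passwords are placeholders.

```sql
-- Added example. appdb, the account names and the CHANGE-ME passwords are placeholders.

-- WEAK (the pattern the slide warns against): a single account with every
-- privilege on every database, reachable from any host ('%'), with an empty
-- password. Left commented out so this script never creates it.
-- CREATE USER 'app'@'%' IDENTIFIED BY '';
-- GRANT ALL PRIVILEGES ON *.* TO 'app'@'%';

-- HARDENED: every account has a password, connects only from localhost, and
-- holds only the privileges its part of the application actually needs.

-- Read-only account for reporting and public pages: SELECT only.
CREATE USER 'appdb_ro'@'localhost' IDENTIFIED BY 'CHANGE-ME-strong-password';
GRANT SELECT ON appdb.* TO 'appdb_ro'@'localhost';

-- Read/write account for the application itself: SELECT, INSERT, UPDATE, DELETE
-- on the application schema only. No CREATE/DROP/ALTER, no GRANT OPTION, no FILE.
CREATE USER 'appdb_rw'@'localhost' IDENTIFIED BY 'CHANGE-ME-another-strong-password';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'appdb_rw'@'localhost';

-- Review default settings: list accounts that have no password or that may
-- connect from any host. (MySQL 5.7 and later keep the hash in
-- authentication_string; older servers use the password column instead.)
SELECT user, host
FROM mysql.user
WHERE authentication_string = '' OR host = '%';

-- Remove the anonymous account and the test database that older installers
-- create by default.
DROP USER IF EXISTS ''@'localhost';
DROP DATABASE IF EXISTS test;
```

Restricting each account's host to localhost complements, but does not replace, the other two measures on the slide: configuring the server itself to listen only on the loopback interface (bind-address in the MySQL configuration) and the firewall in front of it. Run the audit SELECT again after any change so that new accounts are checked against the same rules.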