List: General Discussion
From: David T. Ashley
Date: August 23 2007 3:50pm
Subject: Re: Database architecture and security
On 8/23/07, Jason Pruim <japruim@stripped> wrote:
>
> I am planning on having the database open to customers of mine to
> store their mailing addresses on-line, and be able to manage the
> records.
>
> Is it safe, to have 1 database with lots of tables? Or am I safer
> setting up separate databases for everyone?
>
> I should mention, no one will be accessing the database directly,
> it'll be through a web interface and php to display it.


Assuming that the web server runs on the same box as the MySQL daemon ...
you want to firewall the server so that nobody can connect to the MySQL
daemon directly from outside the box.  It is also a bad idea to allow the
users to have shell accounts on that box unless you have taken additional
security precautions (specifically, being sure the MySQL userid/password
you're using are secure from all but the web server UID/GID, and that no
other userid/passwords have access to the database you're using).

Once that is done, all access to the database is controlled by the PHP
scripts, and there is no security advantage to having multiple databases.

I'm assuming that users have to log in individually (jsmith, bjones, etc.)
and that the PHP scripts then carefully control what each user is allowed to
modify.

I'm also going to assume that you've handled all the obvious technology
issues, such as:

a) Database transactions/atomic actions.

b) Terminating TCP connections and ensuring that each PHP script runs to
completion, anyway, and that the database isn't left in an indeterminate
state due to this.

Dave.
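
Added example, not part of the original message or thread: one way the PHP layer can enforce per-customer access in a single shared database, with the change wrapped in a transaction. The table and column names, the function name, and the use of PDO with InnoDB tables are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: addresses(id, owner_id, name, street, city, postcode)
// Assumes InnoDB tables and a PDO connection using PDO::ERRMODE_EXCEPTION.
// $ownerId must come from the server-side login session, never from the request.
function updateAddress(PDO $db, int $ownerId, int $addressId, array $fields): bool
{
    // Keep running if the client drops the TCP connection mid-request.
    ignore_user_abort(true);

    // Allow-list of columns a customer may change; id and owner_id are excluded.
    $allowed = ['name', 'street', 'city', 'postcode'];
    $changes = array_intersect_key($fields, array_flip($allowed));
    if ($changes === []) {
        return false;
    }

    // Column names come only from the allow-list, so building the SET clause
    // from them is safe; every value is passed as a bound parameter.
    $set = implode(', ', array_map(fn($col) => "$col = :$col", array_keys($changes)));
    $params = [':id' => $addressId, ':owner' => $ownerId];
    foreach ($changes as $col => $value) {
        $params[":$col"] = (string) $value;
    }

    $db->beginTransaction();
    try {
        // Lock the row, but only if it belongs to the logged-in customer.
        $check = $db->prepare(
            'SELECT id FROM addresses WHERE id = :id AND owner_id = :owner FOR UPDATE'
        );
        $check->execute([':id' => $addressId, ':owner' => $ownerId]);
        if ($check->fetchColumn() === false) {
            $db->rollBack();   // not this customer's record, or no such record
            return false;
        }

        $update = $db->prepare(
            "UPDATE addresses SET $set WHERE id = :id AND owner_id = :owner"
        );
        $update->execute($params);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();   // leave the table as it was before the request
        }
        throw $e;
    }
}
```

Because every statement carries the owner_id condition, a customer who submits another customer's record id gets false back and nothing is changed.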
