PHP, MySQL, Apache question
clug at bitfed.com
Mon Jul 15 16:35:01 EST 2002
I currently have an account on a webhosting company's box and they do virtual hosting. I want to access a MySQL database on the same box, but because Apache runs as nobody, I cannot put the db passwd anywhere without it being readable by nobody and hence readable by everyone on that server. Is there some way that security could be acheived in this situation that I could perhaps recommend to the provider. Is there some way of telling MySQL to only allow certain activities on a database, or even better certain queries, with specific (checked) parameters. I've heard mention of stored procedures in some db's in the past. Could some of solution using a second username to the database with only the capacity to run a stored procedure work (I know nothing about stored procedures, so I'm probably on the wrong track here).
The art of finding slogans to put on T-Shirts.
More information about the linux