Improving the security of MySQL database (2)

Talk about how to improve the security of MySQL database from the perspective of password setting

It is necessary to confirm that all users have passwords, especially the root user, and these passwords must be selected regularly. Modification is the same as making a password using the system. The basic rule to remember here is don't use dictionary words as passwords. Using dictionary words as passwords is a very bad idea. A combination of numbers and letters is the best solution.

If you want to save the password in a script file, please confirm that only the user whose password is saved in the script can read the script. The PHP script used to connect to the database requires the password of the user with access. It might be safe to save the login and password in a PHP script, such as dbconnect.php, so that this file can be included when needed. This script must be carefully kept outside the Web document tree structure and must be accessed only by specific users.

Please remember that if you are saving these details in a file ending in .inc or some other extension in the network document tree, be careful to check if the web server knows about this, i.e. , these files must be interpreted as PHP, thus preventing these details from being seen in another web browser.

Do not save passwords in plain text in the database. MySQL passwords are not saved this way, but in web applications it is usually also necessary to save the website user's registration name and password. You can use MySQL's SHA1() function to encrypt the password (one-way) and then save it. Please note that if you use INSERT to insert a password in one of these formats when you run SELECT again (trying to log in a user), you must use the same function again to check the password entered by the user.

Improve the security of MYSQL database from the form verification process

Necessary design should be done to check the data entered by the user when conducting the user submission form, because this will easily allow intruders to try to modify the URL to enter the script. At this time, you need to do the following work: escape the special content in the form, check the boundary type of the data, and check the file size. The best idea for verifying the form is to use JS for verification on the front end and PHP for verification on the backend to ensure database security. If the website involves high-security situations, it is recommended to use SSL certificate encryption.

[Related recommendations]

Improve the security of MySQL database (1)

Improve the security of MySQL database (3)

Improve the security of MySQL database Security (4)

The above is the detailed content of Improving the security of MySQL database (2). For more information, please follow other related articles on the PHP Chinese website!