PHP 8.4.2 Released!

Database Security

Table of Contents

Nowadays, databases are cardinal components of any web based application by enabling websites to provide varying dynamic content. Since very sensitive or secret information can be stored in a database, you should strongly consider protecting your databases.

To retrieve or to store any information you need to connect to the database, send a legitimate query, fetch the result, and close the connection. Nowadays, the commonly used query language in this interaction is the Structured Query Language (SQL). See how an attacker can tamper with an SQL query.

As you can surmise, PHP cannot protect your database by itself. The following sections aim to be an introduction into the very basics of how to access and manipulate databases within PHP scripts.

Keep in mind this simple rule: defense in depth. The more places you take action to increase the protection of your database, the less probability of an attacker succeeding in exposing or abusing any stored information. Good design of the database schema and the application deals with your greatest fears.

add a note

User Contributed Notes 1 note

up
1
gabe dot aust at gmail dot com
8 days ago
The most significant way to protect databases is to simply use authentication! There are production systems online with null and default administrator credentials. See the recent "The Real World" hack...
Rule 1: Simply use authentication instead of not using it... Obviously do not save the credentials in a public-readable file.
Rule 2: Create a subsidiary account with access only to the live schema being used by your PHP app, i.e. never use the global DBMS admin account as a service login.
Rule 3: Block access at the DBMS end to only allow the web server to access the API. Most access is network based so that will involve filtering by IP.
Rule 4: You can obfuscate a bit more by setting a non-standard port but this may require code changes in the API calls you coded.
The above are some simple steps anyone can perform. More serious securing would likely involve setting up SSL connectivity.
To Top