PHP and MySQL Web Development - P56: PHP and MySQL Web Development teaches the reader to develop dynamic, secure, commercial Web sites. Using the same accessible, popular teaching style of the first edition, this best-selling book has been updated to reflect the rapidly changing landscape of MySQL and PHP.

Making Your MySQL Database Secure 247

MySQL from the Operating System's Point of View

It's a bad idea to run the MySQL server (mysqld) as root if you are running a UNIX-like operating system, because this gives a MySQL user with a full set of privileges the right to read and write files anywhere in the operating system. This is an important point that is easily overlooked, and it was famously used to hack Apache's Web site. Fortunately, the crackers were white hats (good guys), and the only action they took was to tighten up security.

It's a good idea to set up a MySQL user specifically for the purpose of running mysqld. In addition, you can then make the directories where the physical data is stored accessible only by the MySQL user. In many installations, the server is set up to run as userid mysql in the mysql group.

You should also ideally set up your MySQL server behind your firewall. This way, you can stop connections from unauthorized machines. Check and see whether you can connect from outside to your server on MySQL's port number; the default port that MySQL runs on should be closed on your firewall.

Passwords

Make sure that all your users have passwords (especially root) and that these are well chosen and regularly changed, as with operating system passwords. The basic rule to remember here is that passwords that are, or contain, words from a dictionary are a bad idea. Combinations of letters and numbers are best.

If you are going to store passwords in script files, then make sure only the user whose password is stored can see that script. The two main places this can arise are

1. In the script, you might need to use the UNIX root password. If this is the case, make sure only root can read this script.

2. In PHP scripts that are used to connect to the database, you will need to store the password for that user. This can be done securely by putting the login and password in a separate file that you then include when required. This script can be .
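The following is an added example (editor's code, not the book's) of point 2: the database login and password live in a separate file that the connecting script includes, and the script refuses to use that file unless it is readable only by its owner. The path /etc/myapp/db_config.php, the array keys, and the use of the mysqli extension are assumptions made for the example; the book's own include file is not shown on this page.

```php
<?php
// Added example, not code from the book.
// Assumption: the credentials file lives outside the Web document root, at
// /etc/myapp/db_config.php, and is owned by the user PHP runs as, mode 0600.
// It is expected to contain something like:
//   <?php return ['host' => 'localhost', 'user' => 'webapp',
//                 'password' => 'change-me', 'database' => 'shop'];

define('DB_CONFIG_FILE', '/etc/myapp/db_config.php');

/**
 * True if $path is a regular file with no group or world permission bits,
 * i.e. only its owner can read it (mode 0600 or 0400).
 */
function credentials_file_is_private(string $path): bool
{
    if (!is_file($path)) {
        return false;
    }
    $mode = fileperms($path) & 0777;  // keep only the rwx bits
    return ($mode & 0077) === 0;       // no group or "other" access at all
}

/**
 * Load the credentials array from the include file, after checking that
 * nobody but the owner can read it. Throws rather than connecting with
 * credentials that other users on the host may already have seen.
 */
function load_db_credentials(string $path): array
{
    if (!credentials_file_is_private($path)) {
        throw new RuntimeException(
            "Refusing to load $path: it must be a regular file readable only by its owner"
        );
    }
    $creds = include $path;
    if (!is_array($creds)) {
        throw new RuntimeException("$path did not return a credentials array");
    }
    foreach (['host', 'user', 'password', 'database'] as $key) {
        if (!isset($creds[$key])) {
            throw new RuntimeException("Credentials file is missing '$key'");
        }
    }
    return $creds;
}

$creds = load_db_credentials(DB_CONFIG_FILE);

// Make mysqli throw on connection failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli($creds['host'], $creds['user'], $creds['password'], $creds['database']);

// $db is now ready for queries; the password never appears in this script.
```

Keeping the include file outside the document root matters as much as the permission check: a file under the Web tree that the server fails to parse as PHP (after a misconfiguration, or if it is saved with a non-.php extension) would be served to browsers as plain text.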