Website Security

E

enhu

Guest
No one will have the access to the website's cpanel and the ftp but someone know your websites database and password, what will be the risk? Will this be something like a No-No thing?
 


Anyone who has access to sensitive information when they shouldn't is a "no-no thing". To say no one will have access to cPanel and FTP means you don't have either installed, otherwise someone will have access to it (even if it's you) and that's a security risk.
 
A website, in some ways, is like a house. You need to have a door to get in. If you can get in, then other unwanted intruders can get in, too. The trick is to make the door hard to find and the key hard to guess.
 
I'm not sure this is the case, but I think it brings up an interesting point, since many companies outsource their website development and, since the developers will have access to the DB credentials, it may leave an open door for the future.

The easiest way, of course, would be to change the password as soon as the development is completed. The problem is that it may require some knowledge that many companies don't have.
 
What I'm really doing is that I'm going to give away my website's database password so that three of my investors can access and develop their own plugins. Now, I'm not sure if I can trust them with this because I just knew them online. Should I push thru with this project?
 
What I'm really doing is that I'm going to give away my website's database password so that three of my investors can access and develop their own plugins. Now, I'm not sure if I can trust them with this because I just knew them online. Should I push thru with this project?

In that case, create a user with restricted access to the DB (grant SELECT) for each one of your investors.
That way they don't have full access to the DB. Or do they need full access?
Either way, create a user for each one of them.

You will need, however, to open your firewall and allow access to your MySQL. If they're going to access your DB from static IP, you should get those IPs and allow access to your DB only from those IPs.

As far as trusting them or not, it depends on your comfort level, hard to say.

Best!
 
Since one of them only just need to access the entries of the blog like posts, which privileges must i give to him? The user also must not have the right to edit posts. is the SELECT Privilege enough for this user?

6i9pgw.png
 
Hi,

Sorry for the delay.
Yes, SELECT is enough if you want them to only have read access to the DB.

Cheers!
 


Top