Website Security

Discussion in 'Web Server' started by enhu, Sep 1, 2012.

  1. enhu

    enhu New Member

    No one will have access to the website's cPanel and FTP, but someone knows your website's database and password; what will be the risk? Will this be something like a no-no thing?

  2. ehansen

    ehansen New Member Staff Writer

    Anyone who has access to sensitive information when they shouldn't is a "no-no thing". To say no one will have access to cPanel and FTP means you don't have either installed, otherwise someone will have access to it (even if it's you) and that's a security risk.
  3. Victor Leigh

    Victor Leigh Member

    A website, in some ways, is like a house. You need to have a door to get in. If you can get in, then other unwanted intruders can get in, too. The trick is to make the door hard to find and the key hard to guess.
    DevynCJohnson likes this.
  4. eyal_tst

    eyal_tst New Member

    I'm not sure this is the case, but I think it brings up an interesting point, since many companies outsource their website development and, since the developers will have access to the DB credentials, it may leave an open door for the future.

    The easiest way, of course, would be to change the password as soon as the development is completed. The problem is that it may require some knowledge that many companies don't have.
  5. enhu

    enhu New Member

    What I'm really doing is that I'm going to give away my website's database password so that three of my investors can access and develop their own plugins. Now, I'm not sure if I can trust them with this because I just knew them online. Should I push through with this project?
    DevynCJohnson likes this.
  6. eyal_tst

    eyal_tst New Member

    In that case, create a user with restricted access to the DB (grant SELECT) for each one of your investors.
    That way they don't have full access to the DB. Or do they need full access?
    Either way, create a user for each one of them.

    You will need, however, to open your firewall and allow access to your MySQL. If they're going to access your DB from static IPs, you should get those IPs and allow access to your DB only from those IPs.

    As far as trusting them or not, it depends on your comfort level, hard to say.

    Best!
    DevynCJohnson and enhu like this.
  7. enhu

    enhu New Member

    Since one of them only needs to access the entries of the blog, like posts, which privileges must I give to him? The user also must not have the right to edit posts. Is the SELECT privilege enough for this user?

    DevynCJohnson likes this.
  8. eyal_tst

    eyal_tst New Member

    Hi,

    Sorry for the delay.
    Yes, SELECT is enough if you want them to only have read access to the DB.

    Cheers!
    DevynCJohnson likes this.
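
The setup suggested in this thread (one restricted account per person, SELECT only, reachable only from a known static IP), written out as an added example that is not part of any post above. It assumes MySQL 5.7 or later; the schema `site_db`, the table `posts`, the account names and the 203.0.113.x addresses are hypothetical placeholders.

```sql
-- Added example. Hypothetical names: schema site_db, table posts,
-- accounts investor_a / investor_b / site_app. 203.0.113.10 and .20 are
-- documentation addresses standing in for each investor's static IP.
-- Replace every <...> placeholder before running.

-- One account per person, valid only from that person's address and only
-- over TLS, so the password alone is not enough from any other host.
CREATE USER 'investor_a'@'203.0.113.10'
  IDENTIFIED BY '<unique-password-a>'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 5;

CREATE USER 'investor_b'@'203.0.113.20'
  IDENTIFIED BY '<unique-password-b>'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 5;

-- Read-only access to the blog entries and nothing else: no INSERT,
-- UPDATE or DELETE, no other tables, no GRANT OPTION.
GRANT SELECT ON site_db.posts TO 'investor_a'@'203.0.113.10';
GRANT SELECT ON site_db.posts TO 'investor_b'@'203.0.113.20';

-- Check what each account actually holds before handing out credentials.
SHOW GRANTS FOR 'investor_a'@'203.0.113.10';
SHOW GRANTS FOR 'investor_b'@'203.0.113.20';

-- Audit view: every table-level privilege held by the investor accounts.
-- The grantee column is stored as 'user'@'host', hence the leading quote.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee LIKE '''investor%'
ORDER BY grantee, table_name;

-- When someone's work is finished, remove only that person's account.
-- Separate accounts mean nobody else has to change a password.
DROP USER 'investor_a'@'203.0.113.10';

-- If the site's own application password was ever shared with a developer,
-- rotate it (and update the site's config file to match).
ALTER USER 'site_app'@'localhost' IDENTIFIED BY '<new-app-password>';
```

The host part of each account restricts logins inside MySQL; the firewall rule limiting port 3306 to the same addresses is a separate step at the network layer.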
