Quote:
Well i got one idea use a different source this was has to much problems
Or trying converting it to work with MySql...
Take the connections out of a LOTF and put it in that source
When did MySQL become insecure? lolQuote:
I think making it MySQL is a bad idea.
Keeping it flatfile will maintain security.
Quote:
They cant just goto [Only registered and activated users can see links. Click Here To Register...] and access it.Quote:
If someone can guess your password, which is highly unlikely, they can just go to [Only registered and activated users can see links. Click Here To Register...] and they can just put in your info and access your entire database. As with a flatfile source that cannot happen.
Quote:
Who the hell is stupid enough to allow external access to their own database from every public address? You should limit it to addresses that you can trust (ie. the ip address of the server which your website is hosted from)
Further more, who the hell is stupid enough to have only one account for their database. I have 2 for example, one which can only make inserts which is used by the website account reg page, and a second which the server uses.
From where im sitting MySQL is 100 times more secure than a flatfile provided you know what your doing. SQL Databases cant be copied from a hdd and distributed freely, where as a flatfile can be errased by a disgruntled member of staff who happens to have access to your server and knows where to look.
http://95.65.135.54/phpmyadmin
Well, a couple of things you should be aware of before you declare SQL insecure;Quote:
That wasn't the actual URL.
That's an example.Code:http://95.65.135.54/phpmyadmin
They use your ip.
If they know your password they can access it.
I've done it to people before.
And no one has access to my server so that cannot happen.
Quote:
Firstly what your describing only applies (Clearly) to people who have installed and use phpmyadmin, if they dont then its irrelevant.
Secondly you can limit the addresses who can access your database, so if your ip address is not in the list of acceptable addresses, you are not getting in, password or not, you wont even be shown a login screen and anything you attempt to do will be rejected by the server, so again its secure.
Thirdly since you can setup multiple connections and users for a database you can easily limit the damage done by only exposing a limited account to your website (which is what i do) so that if they some how managed to rip the username and password out of it, the most they can do is insert data to the database.
What sort of method does your webserver use to register accounts to your flatfile? I bet it isnt as secure as SQL is.
In phpmyadmin u can secure your user name and passwor alloing access in database form some ips like xxx.yyy.yyy.zzz/24 < this is one subnet maskt of 255 ips or if u puntQuote:
If someone can guess your password, which is highly unlikely, they can just go to [Only registered and activated users can see links. Click Here To Register...] and they can just put in your info and access your entire database. As with a flatfile source that cannot happen.