Creating Chars(5165)

[.Ryu]

Well i got one idea use a different source this was has to much problems
Or trying converting it to work with MySql...
Take the connections out of a LOTF and put it in that source

[Arcо]

Quote:

Originally Posted by Cømbat

Well i got one idea use a different source this was has to much problems
Or trying converting it to work with MySql...
Take the connections out of a LOTF and put it in that source

I think making it MySQL is a bad idea.
Keeping it flatfile will maintain security.

[Korvacs]

Quote:

Originally Posted by Hepatitis C

I think making it MySQL is a bad idea.
Keeping it flatfile will maintain security.

When did MySQL become insecure? lol

[Arcо]

Quote:

Originally Posted by Korvacs

When did MySQL become insecure? lol

If someone can guess your password, which is highly unlikely, they can just go to and they can just put in your info and access your entire database. As with a flatfile source that cannot happen.

[Korvacs]

Quote:

Originally Posted by Hepatitis C

If someone can guess your password, which is highly unlikely, they can just go to and they can just put in your info and access your entire database. As with a flatfile source that cannot happen.

They cant just goto and access it.

Who the hell is stupid enough to allow external access to their own database from every public address? You should limit it to addresses that you can trust (ie. the ip address of the server which your website is hosted from)

Further more, who the hell is stupid enough to have only one account for their database. I have 2 for example, one which can only make inserts which is used by the website account reg page, and a second which the server uses.

From where im sitting MySQL is 100 times more secure than a flatfile provided you know what your doing. SQL Databases cant be copied from a hdd and distributed freely, where as a flatfile can be errased by a disgruntled member of staff who happens to have access to your server and knows where to look.

[Arcо]

Quote:

Originally Posted by Korvacs

They cant just goto and access it.

Who the hell is stupid enough to allow external access to their own database from every public address? You should limit it to addresses that you can trust (ie. the ip address of the server which your website is hosted from)

Further more, who the hell is stupid enough to have only one account for their database. I have 2 for example, one which can only make inserts which is used by the website account reg page, and a second which the server uses.

From where im sitting MySQL is 100 times more secure than a flatfile provided you know what your doing. SQL Databases cant be copied from a hdd and distributed freely, where as a flatfile can be errased by a disgruntled member of staff who happens to have access to your server and knows where to look.

That wasn't the actual URL.

Code:

http://95.65.135.54/phpmyadmin

That's an example.
They use your ip.
If they know your password they can access it.
I've done it to people before.

And no one has access to my server so that cannot happen.

[Korvacs]

Quote:

Originally Posted by Hepatitis C

That wasn't the actual URL.

Code:

http://95.65.135.54/phpmyadmin

That's an example.
They use your ip.
If they know your password they can access it.
I've done it to people before.

And no one has access to my server so that cannot happen.

Well, a couple of things you should be aware of before you declare SQL insecure;

Firstly what your describing only applies (Clearly) to people who have installed and use phpmyadmin, if they dont then its irrelevant.

Secondly you can limit the addresses who can access your database, so if your ip address is not in the list of acceptable addresses, you are not getting in, password or not, you wont even be shown a login screen and anything you attempt to do will be rejected by the server, so again its secure.

Thirdly since you can setup multiple connections and users for a database you can easily limit the damage done by only exposing a limited account to your website (which is what i do) so that if they some how managed to rip the username and password out of it, the most they can do is insert data to the database.

What sort of method does your webserver use to register accounts to your flatfile? I bet it isnt as secure as SQL is.

[Arcо]

Quote:

Originally Posted by Korvacs

Well, a couple of things you should be aware of before you declare SQL insecure;

Firstly what your describing only applies (Clearly) to people who have installed and use phpmyadmin, if they dont then its irrelevant.

Secondly you can limit the addresses who can access your database, so if your ip address is not in the list of acceptable addresses, you are not getting in, password or not, you wont even be shown a login screen and anything you attempt to do will be rejected by the server, so again its secure.

Thirdly since you can setup multiple connections and users for a database you can easily limit the damage done by only exposing a limited account to your website (which is what i do) so that if they some how managed to rip the username and password out of it, the most they can do is insert data to the database.

What sort of method does your webserver use to register accounts to your flatfile? I bet it isnt as secure as SQL is.

Well I guess your right.
thanks for the education korc.

[WHITELIONX]

I am guessing you have found the post with the fix to the register page problem Hep No limit on PW now and it creates chars and you can actually log on with no problems from reg page now

[intel_ro]

Quote:

Originally Posted by Hepatitis C

If someone can guess your password, which is highly unlikely, they can just go to and they can just put in your info and access your entire database. As with a flatfile source that cannot happen.

In phpmyadmin u can secure your user name and passwor alloing access in database form some ips like ***.yyy.yyy.zzz/24 < this is one subnet maskt of 255 ips or if u punt
127.0.0.1/8 it will only allow from localhost conection .. but be aware how your server conect via external ip or internal ip on databse

just play with mysqladmin commands