Chapter 12. Security  315

Figure 12-7: Changing the port that the MySQL server listens on can help to hide the server from a curious person.

Monitoring data sent to MySQL

When data is entered into a database from applications, especially those that allow users to type in their own values, you must check the data for errors and other anomalies. It is the responsibility of the developer to ensure that data sent to the MySQL server is clean and free from error. The errors come from two sources:

• A malicious attack: In an intentional attack on the application and database, the attacker may attempt to inject DDL statements through the application. There are simple methods for preventing this type of attack, including a least-privileged user and data cleansing.

• Normal users: Sometimes the normal users of an application are more dangerous than a would-be attacker. Regardless of how many notes and documents you create for the use of the application, inevitably someone will innocently enter an illegal value. The developer must account for these errors and provide some feedback to the user via error messages or regular beatings.

As an administrator, you should make sure that the developer understands what is needed on the database side to keep the data safe. This includes working with the developer on the design of the database and of the tables within it, so that the incoming data is of the proper length and type for the column. Just as important is making sure that the developer performs the necessary cleansing of inputted data. The items that the administrator and developer must work on together can be enumerated as follows:

• Use a least-privileged user for connections from the application to the database, or use more than one user: one user for inserts and updates, one for selects.

• Check all values to ensure that they are in the expected format, string or number.
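An added example, not from the book, of how the administrator's side of these two items can be carried out in MySQL: a table whose column types and lengths bound the incoming data, strict mode so that illegal values are rejected rather than silently truncated, and two least-privileged accounts, one for inserts and updates and one for selects. The database name shop, the table customer, the account names, the host and the passwords are placeholders; CHECK constraints are enforced only from MySQL 8.0.16 onward.

```sql
-- Reject bad data instead of silently truncating or coercing it.
-- Without a STRICT mode, MySQL turns many invalid values into mere warnings.
-- Set this in my.cnf (or with SET PERSIST) so it survives a restart.
SET GLOBAL sql_mode = 'STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION';

CREATE DATABASE IF NOT EXISTS shop;

-- Column types and lengths sized to what the application expects, so the
-- server itself enforces "proper length and type for the column".
CREATE TABLE shop.customer (
    id       INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    email    VARCHAR(254) NOT NULL,           -- string, bounded length
    age      TINYINT UNSIGNED NOT NULL,       -- number, never negative
    country  CHAR(2) NOT NULL,                -- two-letter country code
    CONSTRAINT chk_age     CHECK (age BETWEEN 13 AND 120),
    CONSTRAINT chk_country CHECK (country REGEXP '^[A-Z]{2}$'),
    UNIQUE KEY uq_email (email)
) ENGINE = InnoDB;

-- Two least-privileged accounts instead of one powerful one. Neither gets
-- CREATE, ALTER or DROP, so a DDL statement injected through the
-- application has no privilege to run with.
CREATE USER 'app_writer'@'app-host.example' IDENTIFIED BY 'CHANGE_ME_writer';
CREATE USER 'app_reader'@'app-host.example' IDENTIFIED BY 'CHANGE_ME_reader';

-- Writer: inserts and updates only. An UPDATE ... WHERE still has to read
-- the columns it filters on, so grant SELECT on just those columns rather
-- than on the whole table.
GRANT INSERT, UPDATE     ON shop.customer TO 'app_writer'@'app-host.example';
GRANT SELECT (id, email) ON shop.customer TO 'app_writer'@'app-host.example';

-- Reader: selects only.
GRANT SELECT ON shop.customer TO 'app_reader'@'app-host.example';

-- Verify what each account can actually do before handing it to the developer.
SHOW GRANTS FOR 'app_writer'@'app-host.example';
SHOW GRANTS FOR 'app_reader'@'app-host.example';
```

With strict mode on, an INSERT of age = 300 or country = 'usa' fails with an error the application can report back to the user, instead of being stored as a truncated value.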