Forums | MacLife

Okay, I've gotta present the concept of a database driven website to people who know nothing about security.

Make up words and shovel bs with conviction.

j/k.

The information is not publicly accessible is it?  Only from an admin section or local connection?  It's about as secure as it can be really.  (or needs to be rather)  You could go nuts with security, but no reason with that kind of data.

Don't tell them that it is 100% secure (there is no such thing), but a MySql database is has built in security, and whatever additional steps you take to lock it down is all the information they need.   It's a standard way of operating, and it is secure.  Email harvesters use shady methods to get email sometimes, but rarely do the "steal" databases.  They are usually not that savvy. 

Security is your responsibility and you will take all the appropriate steps need to safe-guard the data.

If that fails, just tell them for security reasons, you can't divulge the details of your security procs to anyone.

Make up words and shovel bs with conviction.

I may have pushed that one about as far as I can go

Thanks for the reply, you've set my thoughts straight as that is what I was thinking.

I've pretty much scoured for every MySQL security article I can find and it was the MySQL manual that actually offered the best info.

So I think I may have enough B/S to make this shine

Thanks

BS is great.

I've thought about MySQL security quite a bit, and it seems that in the most obvious places MySQL is very secure.  I imagine the biggest holes are the most traditional ones, like someone making a password something silly (like "password").

I found the MySQL manual, and also some tutorials online to be the biggest help.  I haven't gone through this one yet: http://www.macromedia.com/desdev/mx/dre … 2_php.html but perhaps it can be of help?