
Prevent direct access to database

I'm thinking of a way to secure a PHP application. I would like to set up a user with limited rights on the database server side (MySQL), and configure this user in the PHP application for all database requests.

Now the problem is that someone who could have access to the source files (for example an employee) can use the configured credentials to directly connect to the database (for example via phpMyAdmin). The database should be updated only through the PHP application.

I would like to set up a mechanism (a trigger or whatever is possible on the MySQL side or the PHP side or both) which checks which client a request to the database comes from, thus ignoring it or not. Is it possible to do that? Are there other ways to consider this problem?

Regards

Now the problem is that someone who could have access to the source files (for example an employee) can use the configured credentials to directly connect to the database (for example via phpMyAdmin).

This isn't something you can fully prevent. If somebody has access to the source files, you are screwed no matter what.

What is usually done to create some protection is:

  • to configure MySQL in a way that it's not accessible from outside the server. See "Restricting MySQL connections from localhost to improve security"; it should be done at the firewall level as well (talk to the sysadmin)

  • have the web app use a database user account that is limited in access to whatever tables and features the app needs to function.

If you need to set the domain from which some user can log in, you can specify that when you grant that user privileges:

GRANT ALL PRIVILEGES ON yourdatabase.* TO 'username'@'192.168.10.12' IDENTIFIED BY 'goodsecret';

This would limit the connections to 192.168.10.12; even if the password were provided from another location, it wouldn't fit this grant command.
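The two answers above give two checks for an application account: pin it to a known client host, and grant it only the privileges the app needs. As an added example (not code from either answer), this script audits `SHOW GRANTS` output for both; the account names `webapp` and `report`, the `shop`.`orders` table and the finding labels are constructed for illustration.

```python
import re

# One line of SHOW GRANTS output: privileges, scope, then user@host.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?:(?:TABLE|FUNCTION|PROCEDURE)\s+)?"
    r"(?P<scope>\S+)\s+TO\s+[`'\"]?(?P<user>[^`'\"@]*)[`'\"]?@"
    r"[`'\"]?(?P<host>[^`'\"\s]*)[`'\"]?(?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_grant(line):
    """Return (account, findings) for one GRANT line, or None if not one."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if m is None:
        return None
    privs = m.group("privs").upper()
    scope = m.group("scope").replace("`", "")
    host = m.group("host")
    findings = []
    if host == "" or "%" in host:      # any client address may connect
        findings.append("host-not-pinned")
    if privs != "USAGE":               # USAGE means "no privileges"
        if re.fullmatch(r"ALL(\s+PRIVILEGES)?", privs):
            findings.append("all-privileges")
        if scope == "*.*":             # applies to every database
            findings.append("global-scope")
    if "WITH GRANT OPTION" in m.group("rest").upper():
        findings.append("grant-option")
    return f"{m.group('user')}@{host}", findings

def audit(lines):
    """Merge findings per account across all of its GRANT lines."""
    report = {}
    for line in lines:
        parsed = audit_grant(line)
        if parsed:
            report.setdefault(parsed[0], set()).update(parsed[1])
    return {account: sorted(f) for account, f in report.items()}

# Constructed sample; the third line is the GRANT from the answer above.
SAMPLE = [
    "GRANT USAGE ON *.* TO `webapp`@`192.168.10.12`",
    "GRANT SELECT, INSERT ON `shop`.`orders` TO `webapp`@`192.168.10.12`",
    "GRANT ALL PRIVILEGES ON yourdatabase.* TO 'username'@'192.168.10.12'",
    "GRANT ALL PRIVILEGES ON *.* TO `report`@`%` WITH GRANT OPTION",
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(account, findings or "ok")
```

An account that is pinned to one host but holds ALL PRIVILEGES passes the first check and fails the second, so both need to be run together.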
