I have a dedicated server hosting a domain and SQL database
Lets call it My_domain.com
I have written a script which accesses my database and I want to put it on
a totally different server on a domain called Client_domain.com
I have granted remote access to the SQL database by
IP address of the Client_domain.com server.
My question is about how I can limit the database access.
For example the script includes:
$host = “localhost”;
$user = “admin”;
$password = “htadtsrxdVnJIu3”;
$database = “exor543”;
When I put this script on the Client_domain.com server belonging to
someone else, if the client knows php they will be able to take that connection data
and write their own script to copy the whole database or delete
the database or just mess it all up.
If I give the client a new USER can I then limit the user to
just running certain actions on the database ?
Maybe just reading ?
( But then they could still copy the who thing )
Not sure how to address this security problem.
Any thoughts ?